Windows Analysis Report
SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Analysis ID:	1417615
MD5:	dbb69ee00786bed3e12a04518e0f469a
SHA1:	40a82d88b06e6be8ba82fab34b4a29305466202a
SHA256:	dbc32537a29f5eba5406aa3f2ae409eb52ea904e76c19a74bfb480a8c8c63d69
Tags:	exe
Infos:

Detection

Score:	34
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	35
Range:	0 - 100

Signatures

Multi AV Scanner detection for submitted file

Contains functionality to register a low level keyboard hook

Found direct / indirect Syscall (likely to bypass EDR)

Installs a global event hook (focus changed)

Tries to harvest and steal browser information (history, passwords, etc)

Writes many files with high entropy

Adds / modifies Windows certificates

Binary contains a suspicious time stamp

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a process as a different user

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

EXE planting / hijacking vulnerabilities found

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches the installation path of Mozilla Firefox

Stores large binary data to the registry

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Virustotal: Detection: 43%			Perma Link

Cryptography

Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_e4d5cbb3-8

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858040.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858956.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329191920.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191955376.log	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\license.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\aria.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\background_worker.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\command_line.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\prompt.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\webpage_content_reporter.js.LICENSE.txt

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000D.00000000.2625467719.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000D.00000002.2912907901.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628685156.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2927392639.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &NoreCommonProxyStub.pdb` source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000971000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000014.00000002.2851904218.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000014.00000000.2730619162.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: .exe.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: oreCommonProxyStub.pdb source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .dll.pdbbC:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization.pdb` source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: oreCommonProxyStub.pdb8 source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: elbase.pdb` source: opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `ser.dll.pdbREG_SZ source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: 4D0E03503C68E569FAA6DC931.pdb source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000015.00000000.2733582758.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000015.00000002.2798211012.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: a_browser.dll.pdb` source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,	9_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,	9_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	10_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF9AE2 FindFirstFileExW,	10_2_00CF9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	11_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF9AE2 FindFirstFileExW,	11_2_00CF9AE2

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Software Vulnerabilities

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 4x nop then movd mm0, dword ptr [edx]		10_2_00CA9970
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 4x nop then movd mm0, dword ptr [edx]		11_2_00CA9970

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 204.79.197.200 204.79.197.200
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40

Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "favicon_url": "https://www.rambler.ru/favicon.ico", equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "favicon_url": "https://www.yahoo.co.jp/favicon.ico", equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %t www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %\|0www.yahoo.co.jp/favicon.ico equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: -5FD9-449D-BC75-77CA217403AEMT%t www.rambler.ru/favicon.icoMT%tP-6733-479C-9086-7B21A2292DDAMT%t equals www.rambler.ru (Rambler)
Source: OperaGXSetup.exe	String found in binary or memory: hatsapp.com/legal; and c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/l equals www.facebook.com (Facebook)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: search.yahoo.com/favicon.icoMT%\|-8BF3-11E2-9E96-0800200C9A66MT%\|0www.yahoo.co.jp/favicon.icoMT%\| equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: www.rambler.ru/favicon.icoMT%t equals www.rambler.ru (Rambler)

Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8291
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8297
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8417
Source: OperaGXSetup.exe	String found in binary or memory: http://autoupdate-staging.services.ams.osa/
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2254727628.00000000041F9000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: OperaGXSetup.exe, 00000003.00000002.2876049672.00000000041ED000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedR
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: explorer.exe, 00000011.00000000.2700552070.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2254727628.00000000041F9000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.dig-
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: OperaGXSetup.exe, 00000003.00000002.2876049672.00000000041ED000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://localhost:3001api/prefs/?product=$1&version=$2..
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329653768.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000002.2868631396.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2254727628.00000000041F9000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000011.00000000.2707241317.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: explorer.exe, 00000011.00000000.2706420448.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2706461577.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2705925353.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: explorer.exe, 00000011.00000000.2719335016.000000000C8B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.kymoto.org
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.kymoto.orgAbout
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.kymoto.orgAcerca
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com0
Source: opera.exe, 00000015.00000002.2773390727.00000243C5AB7000.00000002.00000001.00040000.00000024.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.spotify.com/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.youtube.com
Source: explorer.exe, 00000011.00000000.2711336676.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/0239ef3d7c95570d61b12b2fb509af435ccc2131/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/0f0e5f62d66c60ed333aca63dd12b74d89b1197f/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/13655f413caacdcc677b24dc0c615d1f5328d6a3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/175c553e1afe06b6eba448d5d51821f3b3200c23/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/1eccff548be9e5afea58974ea48f09611bb0971f/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/2f7d465d32db944b1a50d34569ecc10aa71d7b1b/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/313b7f796952f2b34bf6bce6ba10a7b51bd18913/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/3ed7347a5e10c404ea6cb96281265ff23092cf8f/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/434b0a6daa530638a964132e86b8a01d7b39aa7c/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/47495671858c844787b75a7b65d83bf0f4daa0b7/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/47ac1e141dfbb826480ad739f82202f33942e3a9/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/4d3d8f7f070d279fbe0d2795e10e69fbab5d3824/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/505f20c0ceb331ebec9f6b8d9def5e0f59be4612/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/5a244c9761df69fd3c6925ff8f639d24e28b1169/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/626b4fd1d224c0f6344647a9049bdade45c11e10/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7090985e32fa004ea7f01e519549d5bb07e36e57/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7537081f498da9b83d5905e8a6aa77283f222bc3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7ce8277c35ac7d51701decad652c060741bd7e48/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7d5c2a2d6136fbf166211d5183bf66214a247f31/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/80c7dd8db07f193d40005f1a4c59dbc922d41bbc/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/9972667e4a17fabc1af14d8a388078a2069c5be3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/aaa83eac6890a9a6e2273ea51d6f2f2915b1a019/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/aad01b6c6f7f2f01bea6584af044c96d8850f748/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/ad5beaae2fc679ccba1db1f7b3c9503d8da6ec70/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/cf1b58b29b4efc97d4cd45328f0ab79f541469d4/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/d31e12a38bccc4ce61b2fe8e6fd3160ec5191274/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/d62bc2d4349d61e94daa48a5c49b897f6bfcd166/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/d7966d331216ef6a7affdecb3ee81600ba5c34d3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/e27cf3ebc2172a1a7d9cb6978a031ef52ed55596/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/e3f47f1911ec0c9b987871ea7bc7da7525594997/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/fd1ad64e991dece2a0e4b2c8d5b45d22d513bd8b/
Source: explorer.exe, 00000011.00000000.2704927087.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8300
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8417
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.browser.yandex.ua/suggest/get?part=
Source: explorer.exe, 00000011.00000000.2707241317.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000011.00000000.2704927087.0000000007637000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://appleid.apple.com
Source: explorer.exe, 00000011.00000000.2702026651.00000000035FA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml
Source: assistant_installer.exe, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/.opera.comOpera
Source: OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera
Source: OperaGXSetup.exe, 00000003.00000002.2876049672.00000000041ED000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329653768.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2868631396.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79
Source: OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79Y
Source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/developernightlyStableinstaller_prefs.jsonNightlyDeveloperNextStabl
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/geolocation/
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/geolocation/5e
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://browser-notifications.opera.com/api/v1/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://browser-notifications.opera.com/api/v1/333333
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/D
Source: OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/a
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/l
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://config.gx.games/v0/config
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/v0/config?utm_campaign=PWN_US_PB4_3742&utm_medium=pa&utm_source=PWNgames&pro
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://config.gx.games/v0/configeditionutm_campaign=%s&utm_medium=%s&utm_source=%s&product=%s&chann
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://consent.youtube.com
Source: assistant_installer.exe, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: assistant_installer.exe, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: installer.exe, 0000000E.00000002.2921864598.000001D74CF70000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2919717296.00004A5000238000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000015.00000003.2747900384.00006084002E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit
Source: OperaGXSetup.exe, 00000004.00000002.2888087861.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000003.2885355182.000000002C02C000.00000004.00001000.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2921864598.000001D74CF79000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2919717296.00004A5000238000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit--annotation=channel=Stable--annotation=plat=
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit/
Source: OperaGXSetup.exe, 00000004.00000002.2888935161.000000002C024000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit0x2e4
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005140000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit1
Source: installer.exe, 0000000E.00000002.2926616195.00004A50002C4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitJP
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitOperaDesktopGX
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005140000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitll$
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitr
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/SysWOW64
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/Xw
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/appxBundleSipPutSignedDataMsgniuid=Dll-f522-46c3
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/etUrlCache
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/N
Source: OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C54000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary$
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary&
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary(
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary)
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary0
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary8
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarye
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software
Source: OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software3
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwareV
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwarep
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryey.netLMEMP
Source: OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryfU
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryh
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryiW
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryj
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryp
Source: OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarypn
Source: OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryyV
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/4
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/R
Source: OperaGXSetup.exe, 00000003.00000002.2868119126.0000000000C72000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843688988.0000000000C72000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849151827.000000003622A000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
Source: OperaGXSetup.exe, 00000003.00000003.2843688988.0000000000C62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=65442&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_U
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download3.operacdn.com/
Source: OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-1/1698947853-custom_partner_cont
Source: OperaGXSetup.exe, 00000003.00000003.2087266746.00000000041FC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/
Source: OperaGXSetup.exe, 00000003.00000003.2322618930.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/ftp/pub/.assistant_gx/73.0.3856.382/Opera_GX_assistant_73.0.3856.382_
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087414766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087266746.00000000041EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/ftp/pub/opera_gx/107.0.5045.79/win/Opera_GX_107.0.5045.79_Autoupdate_
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2708034650.00004D5400360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://extension-updates.opera.com/api/omaha/update/
Source: installer.exe, 0000000D.00000003.2708034650.00004D5400360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://extension-updates.opera.com/api/omaha/update/MT6L
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071654247.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/
Source: OperaGXSetup.exe, 00000003.00000003.2071654247.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/C
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/Q
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=a818e77b-17e4-452c-91
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=a818e77b-i
Source: OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/cy
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gaana.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io)
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io/en/education.
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io/en/get.
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://help.instagram.com/581066165581870;
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000012.00000002.2766223989.000060EC00288000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://help.opera.com/latest/
Source: launcher.exe, 00000012.00000002.2766223989.000060EC00288000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://help.opera.com/latest/https://www.opera.com/gx/https://www.opera.com/gx/
Source: opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://help.opera.com/latest/https://www.opera.com/gx/https://www.opera.com/gx/org.chromium.trace_e
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/288119108
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292282210
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292285899
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/309028728
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000000.1959021067.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lamertang.com/4-peali-c1d-eny0-f8i
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/eula/computers
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/privacy
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/privacy.
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/terms
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/terms.
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://listen.tidal.com/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://listen.tidal.com/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.tidal.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/at/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/au/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/be/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/bg/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/br/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/by/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ca/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ch/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/cn/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/cz/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/de/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/dk/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/eg/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/es/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/fi/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/fr/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/gb/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/hu/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/id/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/in/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/it/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/jp/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ke/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/kr/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/kz/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ma/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/mx/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/my/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ng/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/nl/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/no/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ph/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/pl/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ro/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/rs/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ru/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/se/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/sg/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/sk/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/th/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/tr/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ua/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/us/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/vn/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/za/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.youtube.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nova.rambler.ru/suggest?v=3&query=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://oauth.play.pl/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://offer.tidal.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://open.spotify.com
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://opera.com/privacy
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://partners-offapi.net/apiBundle/geo?sourceID=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://partners-offapi.net/apiBundle/stpstat?
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://policies.google.com/terms;
Source: explorer.exe, 00000011.00000000.2711336676.000000000C460000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://redir.opera.com/amazon/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://redir.opera.com/search/rambler/?q=
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://redir.opera.com/uninstallsurvey/
Source: OperaGXSetup.exe, 00000003.00000002.2883636587.00000000362D0000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2846781095.0000000036360000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2847065121.00000000362E0000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849151827.000000003622A000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2910949110.00004D54002EC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB4_3742&utm_content=3742_set
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.seznam.cz/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.co.jp/search?ei=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/search?ei=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://smolecular.icu/tfg/?src=setupIO
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://soundcloud.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://sourcecode.opera.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://suggest.yandex.com.tr/suggest-opera?part=
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://telegram.org/tos/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://translate.yandex.fr/?text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://translate.yandex.net/main/v2.92.1465389915/i/favicon.ico
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=se
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=setupio&s
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=setupio&sub2=31120
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://twitter.com/en/tos;
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/oauth
Source: explorer.exe, 00000011.00000000.2707241317.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/)s
Source: explorer.exe, 00000011.00000000.2707241317.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comon
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/baidu?wd=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/bg/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/br/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/cz/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/de/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/en/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/es/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/fi/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/fr/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/hu/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/id/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/it/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/mx/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/nl/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/no/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/pl/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/ro/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/ru/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/se/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/sk/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/sr/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/th/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/tr/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/us/login
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=opera&q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=opera-gx&q=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1960705178.0000000002680000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1961058453.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1962311586.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.opera.com
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.opera.com..
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/eula/comQnu
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/eula/computers
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000012.00000002.2766223989.000060EC00288000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/gx/
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.opera.com/privacy
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rambler.ru/favicon.ico
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1960705178.0000000002680000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1961058453.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1962311586.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.seznam.cz/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.so.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.so.com/s?src=lm&ls=sm2561755&lm_extend=ctype:31&q=
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.whatsapp.com/legal;
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.yahoo.co.jp/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com.tr/search/?clid=1669559&text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yandex.fr/search/?clid=2358536&text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yandex.ua/search/?clid=2358536&text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/home-static/_/92/929b10d17990e806734f68758ec917ec.png
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/home-static/_/f4/f47b1b3d8194c36ce660324ab55a04fe.png

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_00408643 SetWindowsHookExW 00000002,Function_00008615,00000000,00000000

9_2_00408643

Installs a global event hook (focus changed)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe

Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe entropy: 7.99999542145	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package entropy: 7.99999542145	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package entropy: 7.99594864967	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\default_dark_theme.zip entropy: 7.99758785849	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-dark.zip entropy: 7.99068917764	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-light.zip entropy: 7.99103298049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-dark.zip entropy: 7.99869813049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-light.zip entropy: 7.99851425914	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\img\portfolio_background.e09645c2.webp entropy: 7.99762050423	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\img\welcome_page_coin_logos.0d4e909e.webp entropy: 7.99152249428	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\f650f111a3b890d116f1.woff2 entropy: 7.99099116763	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\default_dark_theme.zip entropy: 7.99758785849	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\browser.js entropy: 7.99201652294	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-dark.zip entropy: 7.99068917764	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\siteprefs.json entropy: 7.99072559961	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-light.zip entropy: 7.99103298049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-dark.zip entropy: 7.99869813049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-light.zip entropy: 7.99851425914	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\img\crypto_wallet_background.34d522e0.webp entropy: 7.99397847277	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\73ea273a72f4aca30ca5.woff2 entropy: 7.99266429164	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\assets\twitch-placeholder@x1.png entropy: 7.99139191957	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\39890742bc957b368704.woff2 entropy: 7.99294636507	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_4152286\classic.png entropy: 7.99067960013	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_812821631\GX_Wallpaper_classic.png entropy: 7.99798626337	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1282861814\GX_Wallpaper_Light_classic.png entropy: 7.99720505853	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1587385142\classic.png entropy: 7.99067960013	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1254482314\GX_Wallpaper_classic.png entropy: 7.99798626337	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_106807459\GX_Wallpaper_Light_classic.png entropy: 7.99720505853	Jump to dropped file

System Summary

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C22770: CreateFileW,DeviceIoControl,GetLastError,

10_2_00C22770

Contains functionality to launch a process as a different user

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C64EE0 SetHandleInformation,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,GetEnvironmentStringsW,FreeEnvironmentStringsW,CreateProcessW,AssignProcessToJobObject,AllowSetForegroundWindow,WaitForSingleObject,

10_2_00C64EE0

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00405750	9_2_00405750
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_0041304B	9_2_0041304B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_0040AD40	9_2_0040AD40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00412910	9_2_00412910
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_004132E3	9_2_004132E3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00412F71	9_2_00412F71
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C50EE0	10_2_00C50EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7B18D	10_2_00C7B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7F1B4	10_2_00C7F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7F782	10_2_00C7F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3FBCF	10_2_00D3FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC206C	10_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0A170	10_2_00C0A170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C722C0	10_2_00C722C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C10290	10_2_00C10290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA8257	10_2_00CA8257
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C76390	10_2_00C76390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C38480	10_2_00C38480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6C460	10_2_00C6C460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C54410	10_2_00C54410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D4243A	10_2_00D4243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CDE6D0	10_2_00CDE6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C107C0	10_2_00C107C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C20746	10_2_00C20746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCC718	10_2_00CCC718
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C54730	10_2_00C54730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C548E0	10_2_00C548E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D5C89C	10_2_00D5C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CB8860	10_2_00CB8860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D40864	10_2_00D40864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C8A9F0	10_2_00C8A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D5C954	10_2_00D5C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6940	10_2_00CA6940
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C58AC0	10_2_00C58AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D42ACB	10_2_00D42ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAAA50	10_2_00CAAA50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C72B10	10_2_00C72B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6CB0	10_2_00CA6CB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C16C76	10_2_00C16C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7EDD0	10_2_00C7EDD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6DE0	10_2_00CA6DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF6D0E	10_2_00CF6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C58EC0	10_2_00C58EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAAE80	10_2_00CAAE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D64EB6	10_2_00D64EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCAE18	10_2_00CCAE18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6F90	10_2_00CA6F90
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C96F50	10_2_00C96F50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA5055	10_2_00CA5055
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCD014	10_2_00CCD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C29180	10_2_00C29180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D41189	10_2_00D41189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC11A6	10_2_00CC11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D43130	10_2_00D43130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CB7280	10_2_00CB7280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C913D4	10_2_00C913D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C57370	10_2_00C57370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA7330	10_2_00CA7330
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C194D2	10_2_00C194D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C654D0	10_2_00C654D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C894F0	10_2_00C894F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC9494	10_2_00CC9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCB436	10_2_00CCB436
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF35F4	10_2_00CF35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAB54D	10_2_00CAB54D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA5540	10_2_00CA5540
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0F504	10_2_00C0F504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C87520	10_2_00C87520
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAB66D	10_2_00CAB66D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C4D7D0	10_2_00C4D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAB749	10_2_00CAB749
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6D72F	10_2_00C6D72F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA78C0	10_2_00CA78C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6F8B0	10_2_00C6F8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCD98E	10_2_00CCD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCB934	10_2_00CCB934
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CABAD5	10_2_00CABAD5
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D43A9D	10_2_00D43A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CADA7D	10_2_00CADA7D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0DA78	10_2_00C0DA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CB7B40	10_2_00CB7B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D61B41	10_2_00D61B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6FB00	10_2_00C6FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CABCDD	10_2_00CABCDD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C1BC70	10_2_00C1BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C95DD0	10_2_00C95DD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C93DE0	10_2_00C93DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CE5D00	10_2_00CE5D00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C65D10	10_2_00C65D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6FD10	10_2_00C6FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA9E80	10_2_00CA9E80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA7EB0	10_2_00CA7EB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C9FE30	10_2_00C9FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0FFC0	10_2_00C0FFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3BFB0	10_2_00D3BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C95FB0	10_2_00C95FB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C1DF40	10_2_00C1DF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C77F3A	10_2_00C77F3A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC206C	11_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF6D0E	11_2_00CF6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0A170	11_2_00C0A170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C722C0	11_2_00C722C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C10290	11_2_00C10290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA8257	11_2_00CA8257
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C76390	11_2_00C76390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C38480	11_2_00C38480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6C460	11_2_00C6C460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C54410	11_2_00C54410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D4243A	11_2_00D4243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CDE6D0	11_2_00CDE6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C107C0	11_2_00C107C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C20746	11_2_00C20746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCC718	11_2_00CCC718
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C54730	11_2_00C54730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C548E0	11_2_00C548E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D5C89C	11_2_00D5C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CB8860	11_2_00CB8860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D40864	11_2_00D40864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C8A9F0	11_2_00C8A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D5C954	11_2_00D5C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6940	11_2_00CA6940
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C58AC0	11_2_00C58AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D42ACB	11_2_00D42ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAAA50	11_2_00CAAA50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C72B10	11_2_00C72B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6CB0	11_2_00CA6CB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C16C76	11_2_00C16C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7EDD0	11_2_00C7EDD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6DE0	11_2_00CA6DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C58EC0	11_2_00C58EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C50EE0	11_2_00C50EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAAE80	11_2_00CAAE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D64EB6	11_2_00D64EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCAE18	11_2_00CCAE18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6F90	11_2_00CA6F90
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C96F50	11_2_00C96F50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA5055	11_2_00CA5055
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCD014	11_2_00CCD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C29180	11_2_00C29180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7B18D	11_2_00C7B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D41189	11_2_00D41189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC11A6	11_2_00CC11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7F1B4	11_2_00C7F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D43130	11_2_00D43130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CB7280	11_2_00CB7280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C913D4	11_2_00C913D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C57370	11_2_00C57370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA7330	11_2_00CA7330
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C194D2	11_2_00C194D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C654D0	11_2_00C654D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C894F0	11_2_00C894F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC9494	11_2_00CC9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCB436	11_2_00CCB436
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF35F4	11_2_00CF35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAB54D	11_2_00CAB54D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA5540	11_2_00CA5540
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0F504	11_2_00C0F504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C87520	11_2_00C87520
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAB66D	11_2_00CAB66D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C4D7D0	11_2_00C4D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7F782	11_2_00C7F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAB749	11_2_00CAB749
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6D72F	11_2_00C6D72F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA78C0	11_2_00CA78C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6F8B0	11_2_00C6F8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCD98E	11_2_00CCD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCB934	11_2_00CCB934
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CABAD5	11_2_00CABAD5
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D43A9D	11_2_00D43A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CADA7D	11_2_00CADA7D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0DA78	11_2_00C0DA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3FBCF	11_2_00D3FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CB7B40	11_2_00CB7B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D61B41	11_2_00D61B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6FB00	11_2_00C6FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CABCDD	11_2_00CABCDD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C1BC70	11_2_00C1BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C95DD0	11_2_00C95DD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C93DE0	11_2_00C93DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CE5D00	11_2_00CE5D00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C65D10	11_2_00C65D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6FD10	11_2_00C6FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA9E80	11_2_00CA9E80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA7EB0	11_2_00CA7EB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C9FE30	11_2_00C9FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0FFC0	11_2_00C0FFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3BFB0	11_2_00D3BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C95FB0	11_2_00C95FB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C1DF40	11_2_00C1DF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C77F3A	11_2_00C77F3A

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: String function: 004026DC appears 38 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4B9C0 appears 168 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C01741 appears 414 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C58590 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C41BBC appears 34 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C03696 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00D57CF8 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C40C44 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4BEC0 appears 281 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C40AA2 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00D542D0 appears 118 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4BE50 appears 80 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4C9E0 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00D3A840 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C48B80 appears 56 times

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.6.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: installer.exe.19.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows

PE file contains more sections than normal

Source: opera_crashreporter.exe.6.dr	Static PE information: Number of sections : 13 > 10
Source: libEGL.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: installer.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: mojo_core.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: opera_autoupdate.exe.6.dr	Static PE information: Number of sections : 14 > 10
Source: opera_elf.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: installer.exe.19.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: win10_share_handler.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: opera.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: launcher.exe.13.dr	Static PE information: Number of sections : 13 > 10
Source: opera_browser.dll.6.dr	Static PE information: Number of sections : 15 > 10
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: Number of sections : 15 > 10
Source: notification_helper.exe.6.dr	Static PE information: Number of sections : 12 > 10
Source: opera.exe.13.dr	Static PE information: Number of sections : 11 > 10
Source: launcher.exe.6.dr	Static PE information: Number of sections : 13 > 10
Source: dxcompiler.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: opera_gx_splash.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: installer_helper_64.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: Number of sections : 15 > 10
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: Number of sections : 15 > 10

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1961058453.000000007FE35000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000000.1959121556.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1960705178.0000000002778000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Searches the installation path of Mozilla Firefox

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory

Tries to load missing DLLs

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: twext.dll
Source: C:\Windows\explorer.exe	Section loaded: zipfldr.dll
Source: C:\Windows\explorer.exe	Section loaded: sendmail.dll
Source: C:\Windows\explorer.exe	Section loaded: mydocs.dll
Source: C:\Windows\explorer.exe	Section loaded: acppage.dll
Source: C:\Windows\explorer.exe	Section loaded: sfc.dll
Source: C:\Windows\explorer.exe	Section loaded: msi.dll
Source: C:\Windows\explorer.exe	Section loaded: drprov.dll
Source: C:\Windows\explorer.exe	Section loaded: ntlanman.dll
Source: C:\Windows\explorer.exe	Section loaded: davclnt.dll
Source: C:\Windows\explorer.exe	Section loaded: davhlpr.dll
Source: C:\Windows\explorer.exe	Section loaded: dlnashext.dll
Source: C:\Windows\explorer.exe	Section loaded: playtodevice.dll
Source: C:\Windows\explorer.exe	Section loaded: wpdshext.dll
Source: C:\Windows\explorer.exe	Section loaded: ehstorapi.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: ksuser.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfmp4srcsnk.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: audioses.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: evr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: avrt.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: comppkgsup.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.applicationmodel.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: msauddecmft.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: colorcnv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: msdmo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dsreg.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wpnapps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: usermgrcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.media.dll

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: sus34.rans.spyw.evad.winEXE@118/1236@0/49

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_00408DD2 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,

9_2_00408DD2

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C2051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		10_2_00C2051B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C2051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		11_2_00C2051B

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_004011FD GetDiskFreeSpaceExW,SendMessageW,

9_2_004011FD

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_0040388A _wtol,_wtol,SHGetSpecialFolderPathW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,CoCreateInstance,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,

9_2_0040388A

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_00401DF5 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,

9_2_00401DF5

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\opera_splash_lock_a7abe095bcfd6dc868442c2e858a30d1
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\oauc_registry_mutex
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

File created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Virustotal: Detection: 43%

Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe	String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe	String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Process created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp "C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$1043A,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6bb4623c,0x6bb46248,0x6bb46254
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1396 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329191858" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7005000000000000
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6aeb623c,0x6aeb6248,0x6aeb6254
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0xdb4f48,0xdb4f58,0xdb4f64
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=1396 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=a7abe095bcfd6dc868442c2e858a30d1
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe" --version
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040 --lowered-browser
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --pipeid=oauc_task_piped42b87436846297e467003cba27fe2f4 --version=107.0.5045.79 --producttype --requesttype=automatic --downloaddir="C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B" --installationdatadir="C:\Users\user\AppData\Local\Programs\Opera GX" --operadir="C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79" --installdir="C:\Users\user\AppData\Local\Programs\Opera GX" --user-data-dir="C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" --nometrics --scheduledtask
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=1972 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=2776 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3216 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6e85938fc,0x7ff6e8593908,0x7ff6e8593918
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4364 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4764 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Process created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp "C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$1043A,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --silent --allusers=0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6bb4623c,0x6bb46248,0x6bb46254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1396 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329191858" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7005000000000000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6aeb623c,0x6aeb6248,0x6aeb6254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=1396 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0xdb4f48,0xdb4f58,0xdb4f64	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040 --lowered-browser
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=a7abe095bcfd6dc868442c2e858a30d1
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe" --version
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --pipeid=oauc_task_piped42b87436846297e467003cba27fe2f4 --version=107.0.5045.79 --producttype --requesttype=automatic --downloaddir="C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B" --installationdatadir="C:\Users\user\AppData\Local\Programs\Opera GX" --operadir="C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79" --installdir="C:\Users\user\AppData\Local\Programs\Opera GX" --user-data-dir="C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" --nometrics --scheduledtask
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=1972 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=2776 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3216 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4364 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4764 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6e85938fc,0x7ff6e8593908,0x7ff6e8593918
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: Opera GX Browser .lnk.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk0.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk1.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk2.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

File written: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1605735293\persona.ini

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static file information: File size 2182176 > 1048576

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000D.00000000.2625467719.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000D.00000002.2912907901.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628685156.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2927392639.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &NoreCommonProxyStub.pdb` source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000971000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000014.00000002.2851904218.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000014.00000000.2730619162.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: .exe.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: oreCommonProxyStub.pdb source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .dll.pdbbC:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization.pdb` source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: oreCommonProxyStub.pdb8 source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: elbase.pdb` source: opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `ser.dll.pdbREG_SZ source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: 4D0E03503C68E569FAA6DC931.pdb source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000015.00000000.2733582758.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000015.00000002.2798211012.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: a_browser.dll.pdb` source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: dxil.dll.6.dr

Static PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo,

9_2_0040239B

PE file contains an invalid checksum

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0x311faa
Source: OperaGXSetup.exe.3.dr	Static PE information: real checksum: 0x36e0d3 should be: 0x36f94c
Source: OperaLib.dll.1.dr	Static PE information: real checksum: 0x0 should be: 0x7f775
Source: is-T2PA3.tmp.1.dr	Static PE information: real checksum: 0x36e0d3 should be: 0x36f94c

PE file contains sections with non-standard names

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Static PE information: section name: .didata
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr	Static PE information: section name: .didata
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.6.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.6.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.6.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.6.dr	Static PE information: section name: _RDATA
Source: win10_share_handler.dll.6.dr	Static PE information: section name: .00cfg
Source: win10_share_handler.dll.6.dr	Static PE information: section name: .gxfg
Source: win10_share_handler.dll.6.dr	Static PE information: section name: .retplne
Source: win10_share_handler.dll.6.dr	Static PE information: section name: _RDATA
Source: win8_importing.dll.6.dr	Static PE information: section name: .00cfg
Source: win8_importing.dll.6.dr	Static PE information: section name: .gxfg
Source: win8_importing.dll.6.dr	Static PE information: section name: .retplne
Source: win8_importing.dll.6.dr	Static PE information: section name: _RDATA
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: .00cfg
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: .rodata
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: malloc_h
Source: mojo_core.dll.6.dr	Static PE information: section name: .00cfg
Source: mojo_core.dll.6.dr	Static PE information: section name: .gxfg
Source: mojo_core.dll.6.dr	Static PE information: section name: .retplne
Source: mojo_core.dll.6.dr	Static PE information: section name: _RDATA
Source: notification_helper.exe.6.dr	Static PE information: section name: .00cfg
Source: notification_helper.exe.6.dr	Static PE information: section name: .gxfg
Source: notification_helper.exe.6.dr	Static PE information: section name: .retplne
Source: notification_helper.exe.6.dr	Static PE information: section name: CPADinfo
Source: notification_helper.exe.6.dr	Static PE information: section name: _RDATA
Source: opera.exe.6.dr	Static PE information: section name: .00cfg
Source: opera.exe.6.dr	Static PE information: section name: .gxfg
Source: opera.exe.6.dr	Static PE information: section name: .retplne
Source: opera.exe.6.dr	Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: .00cfg
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: .gxfg
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: .retplne
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: CPADinfo
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: LZMADEC
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: malloc_h
Source: opera_browser.dll.6.dr	Static PE information: section name: .00cfg
Source: opera_browser.dll.6.dr	Static PE information: section name: .gxfg
Source: opera_browser.dll.6.dr	Static PE information: section name: .retplne
Source: opera_browser.dll.6.dr	Static PE information: section name: .rodata
Source: opera_browser.dll.6.dr	Static PE information: section name: CPADinfo
Source: opera_browser.dll.6.dr	Static PE information: section name: LZMADEC
Source: opera_browser.dll.6.dr	Static PE information: section name: _RDATA
Source: opera_browser.dll.6.dr	Static PE information: section name: malloc_h
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: .00cfg
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: .gxfg
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: .retplne
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: CPADinfo
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: _RDATA
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: malloc_h
Source: opera_elf.dll.6.dr	Static PE information: section name: .00cfg
Source: opera_elf.dll.6.dr	Static PE information: section name: .gxfg
Source: opera_elf.dll.6.dr	Static PE information: section name: .retplne
Source: opera_elf.dll.6.dr	Static PE information: section name: _RDATA
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: .00cfg
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: .gxfg
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: .retplne
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: _RDATA
Source: CUESDK.x64_2017.dll.6.dr	Static PE information: section name: .00cfg
Source: dxcompiler.dll.6.dr	Static PE information: section name: .00cfg
Source: dxcompiler.dll.6.dr	Static PE information: section name: .gxfg
Source: dxcompiler.dll.6.dr	Static PE information: section name: .retplne
Source: dxcompiler.dll.6.dr	Static PE information: section name: _RDATA
Source: dxil.dll.6.dr	Static PE information: section name: _RDATA
Source: installer.exe.6.dr	Static PE information: section name: .00cfg
Source: installer.exe.6.dr	Static PE information: section name: .gxfg
Source: installer.exe.6.dr	Static PE information: section name: .retplne
Source: installer.exe.6.dr	Static PE information: section name: _RDATA
Source: installer_helper_64.exe.6.dr	Static PE information: section name: .00cfg
Source: installer_helper_64.exe.6.dr	Static PE information: section name: .gxfg
Source: installer_helper_64.exe.6.dr	Static PE information: section name: .retplne
Source: installer_helper_64.exe.6.dr	Static PE information: section name: _RDATA
Source: launcher.exe.6.dr	Static PE information: section name: .00cfg
Source: launcher.exe.6.dr	Static PE information: section name: .gxfg
Source: launcher.exe.6.dr	Static PE information: section name: .retplne
Source: launcher.exe.6.dr	Static PE information: section name: LZMADEC
Source: launcher.exe.6.dr	Static PE information: section name: _RDATA
Source: launcher.exe.6.dr	Static PE information: section name: malloc_h
Source: libEGL.dll.6.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.6.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.6.dr	Static PE information: section name: .retplne
Source: libEGL.dll.6.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.6.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.6.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.6.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.6.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: malloc_h
Source: assistant_installer.exe.9.dr	Static PE information: section name: .00cfg
Source: assistant_installer.exe.9.dr	Static PE information: section name: .voltbl
Source: assistant_installer.exe.9.dr	Static PE information: section name: CPADinfo
Source: browser_assistant.exe.9.dr	Static PE information: section name: .00cfg
Source: browser_assistant.exe.9.dr	Static PE information: section name: .rodata
Source: browser_assistant.exe.9.dr	Static PE information: section name: .voltbl
Source: browser_assistant.exe.9.dr	Static PE information: section name: CPADinfo
Source: mojo_core.dll.9.dr	Static PE information: section name: .00cfg
Source: mojo_core.dll.9.dr	Static PE information: section name: .voltbl
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .gxfg
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .retplne
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: LZMADEC
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: malloc_h
Source: opera.exe.13.dr	Static PE information: section name: .00cfg
Source: opera.exe.13.dr	Static PE information: section name: .gxfg
Source: opera.exe.13.dr	Static PE information: section name: .retplne
Source: opera.exe.13.dr	Static PE information: section name: _RDATA
Source: launcher.exe.13.dr	Static PE information: section name: .00cfg
Source: launcher.exe.13.dr	Static PE information: section name: .gxfg
Source: launcher.exe.13.dr	Static PE information: section name: .retplne
Source: launcher.exe.13.dr	Static PE information: section name: LZMADEC
Source: launcher.exe.13.dr	Static PE information: section name: _RDATA
Source: launcher.exe.13.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .gxfg
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .retplne
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: LZMADEC
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: malloc_h
Source: installer.exe.19.dr	Static PE information: section name: .00cfg
Source: installer.exe.19.dr	Static PE information: section name: .gxfg
Source: installer.exe.19.dr	Static PE information: section name: .retplne
Source: installer.exe.19.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .gxfg
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .retplne
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: LZMADEC
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: malloc_h

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00412C00 push eax; ret	9_2_00412C2E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CACE90 push 89084589h; iretd	10_2_00CACE95
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3B10C push ecx; ret	10_2_00D3B11F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CACE90 push 89084589h; iretd	11_2_00CACE95
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3B10C push ecx; ret	11_2_00D3B11F

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291820085812316.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818579403276.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\additional_file0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711736396.old (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818588244612.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_240329181858612652.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Opera_GX_assistant_73.0.3856.382_Setup[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819551826188.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\is-T2PA3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818582525068.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819548603504.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	File created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818577271396.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858040.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858956.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329191920.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191955376.log	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\license.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\aria.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\background_worker.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\command_line.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\prompt.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\webpage_content_reporter.js.LICENSE.txt

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Stores large binary data to the registry

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C6A6D0 rdtsc

10_2_00C6A6D0

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Thread delayed: delay time: 922337203685477

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819551826188.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291820085812316.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818582525068.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819548603504.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818579403276.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818577271396.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818588244612.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_240329181858612652.dll	Jump to dropped file

Found evaded block containing many API calls

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Evaded block: after key decision

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	API coverage: 5.8 %
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	API coverage: 5.2 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp TID: 5784	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp TID: 5784	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe TID: 6628	Thread sleep time: -922337203685477s >= -30000s

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\blob_storage\1e19d893-ff31-4664-bfc4-34501f4bb978 FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Local\Opera Software\Opera GX Stable\System Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Local\Opera Software\Opera GX Stable\Cache\Cache_Data FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,	9_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,	9_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	10_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF9AE2 FindFirstFileExW,	10_2_00CF9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	11_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF9AE2 FindFirstFileExW,	11_2_00CF9AE2

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: explorer.exe, 00000011.00000000.2704927087.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0r
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000011.00000000.2700552070.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
Source: explorer.exe, 00000011.00000000.2704927087.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: explorer.exe, 00000011.00000000.2719335016.000000000C908000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATAW
Source: OperaGXSetup.exe, 00000003.00000002.2868119126.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843688988.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware,p
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Prod_VMware_SATAa
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: explorer.exe, 00000011.00000000.2700552070.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000011.00000000.2704927087.000000000769A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe

Process information queried: ProcessInformation

Anti Debugging

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C6A6D0 rdtsc

10_2_00C6A6D0

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C66AE0 GetCurrentThread,IsDebuggerPresent,GetCurrentThreadId,__Init_thread_header,GetModuleHandleW,GetProcAddress,

10_2_00C66AE0

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo,

9_2_0040239B

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D597FB mov eax, dword ptr fs:[00000030h]	10_2_00D597FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D47C65 mov eax, dword ptr fs:[00000030h]	10_2_00D47C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D597FB mov eax, dword ptr fs:[00000030h]	11_2_00D597FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D47C65 mov eax, dword ptr fs:[00000030h]	11_2_00D47C65

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,	10_2_00C7AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,_strlen,	10_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,	10_2_00C7C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00D3A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7ACEE GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,	10_2_00C7ACEE
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C11C00 SetUnhandledExceptionFilter,	10_2_00C11C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D4BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00D4BE76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,_strlen,	11_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,	11_2_00C7C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00D3A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,	11_2_00C7AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C11C00 SetUnhandledExceptionFilter,	11_2_00C11C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D4BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00D4BE76

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryAttributesFile: Direct from: 0x76EF2E6C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtCreateMutant: Direct from: 0x76EF35CC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtMapViewOfSection: Direct from: 0x76EF2D1C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenSection: Direct from: 0x76EF2E0C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtDeviceIoControlFile: Direct from: 0x76EF2AEC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtAddAtomEx: Direct from: 0x76EF312C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryValueKey: Direct from: 0x76EF2BEC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtSetInformationThread: Direct from: 0x76EF2ECC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtCreateFile: Direct from: 0x76EF2FEC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenFile: Direct from: 0x76EF2DCC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryInformationProcess: Direct from: 0x76EF2C26
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenKeyEx: Direct from: 0x76EF3C9C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenKeyEx: Direct from: 0x76EF2B9C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtClose: Direct from: 0x76EF2B6C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtSetInformationProcess: Direct from: 0x76EF2C5C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtReadVirtualMemory: Direct from: 0x76EF2E8C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtProtectVirtualMemory: Direct from: 0x76EF2F9C

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --silent --allusers=0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6bb4623c,0x6bb46248,0x6bb46254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1396 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329191858" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7005000000000000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6aeb623c,0x6aeb6248,0x6aeb6254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0xdb4f48,0xdb4f58,0xdb4f64	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=1972 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=2776 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3216 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4364 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4764 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6e85938fc,0x7ff6e8593908,0x7ff6e8593918

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_0040247A AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

9_2_0040247A

Source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: Cannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd=
Source: installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000D.00000002.2906158946.000001D8874C6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2704546993.0000000004B00000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: OperaGXSetup.exe, installer.exe, 0000000D.00000002.2908402486.000001D88844A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: installer.exe, 0000000D.00000002.2905358133.000001D887438000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager_1
Source: explorer.exe, 00000011.00000000.2700552070.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PProgman
Source: installer.exe, 0000000D.00000002.2903459350.000001D885A78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Progmant
Source: explorer.exe, 00000011.00000000.2707007143.000000000946C000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndes

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C71220 cpuid

10_2_00C71220

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,	9_2_004021B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: GetLocaleInfoW,	10_2_00D5769C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: GetLocaleInfoW,	11_2_00D5769C

Queries the product ID of Windows

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\installer_prefs_include.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\files_list VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\root_files_list VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\files_list VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\pref_default_overrides VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\ab_tests.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\video_conference_popout.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\browser.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\partner_speeddials.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\siteprefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1605735293\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1605735293\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_808861689\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_808861689\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Web\Wallpaper\Windows\img0.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_850653473\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_850653473\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_4152286\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_4152286\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_812821631\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_812821631\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1282861814\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1282861814\GX_Wallpaper_Light_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1458538868\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1458538868\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1587385142\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1587385142\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1254482314\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1254482314\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_106807459\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_106807459\GX_Wallpaper_Light_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\cfb3ebf5-c309-4af9-9fd1-ff20a23468ef.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\ScriptCache\4cb013792b196a35_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_597946959\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_597946959\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\es\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\es_419\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\history-tags.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\main.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\startpage_test_function.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\targeted_sd_section.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\be\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es_419\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\avatar-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\checkbox.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\close.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\cover-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-arrow.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-logo.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\list-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\no-avatar.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\notification.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\search.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\settings.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\tile-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x1.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x2.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\common.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\input_styles.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\dummy_steamer_data.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch128.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\template.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\colors.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\preferences.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\sounds.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\stats.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\twitch_api.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\utils.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\volume.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0108e89c9003e8c14ea3.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\017c29dbc4d9f1f201e9.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\01ac8450057de556853b.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\02271ec5cb9f5b4588ac.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0246e88ab3b60542f582.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0264fb02c65c7cc33355.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\046461fc1a778fe43d99.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\073b3402d036714b4370.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0c3b8929d377c0e9b2f3.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0eebbdfb27d542c486ce.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\13a27524bd914f383b14.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\169.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\172d3529b26f8cedef6b.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1b3b83dac50be6b9c503.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1e1c0e29b79b49a6ff4d.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1e649c8a03d6232a688c.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\20f389c4120be058d80a.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\211.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\212532323374ae2448ec.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2179f0be6a7943d619de.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2573fae744f00a3822ff.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2960900c4f271311eb36.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2b1d5bea6b59d7df7543.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2d0dbf42750207f78ffa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2e7fc7bc27f14936d460.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2f7bc363fc5424ebda59.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\354501bac435c3264834.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\36c7b8b5ca8e5fb1c18c.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3732873d6bcc644421fa.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\395.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\39890742bc957b368704.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3a99e70aee4076660d38.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3be6ad1b3df0e5831c59.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3d0614224103268f2be7.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3dcbef40ef1b04e21951.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3f07ed67f06c720120ce.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\428978dc7837d46de091.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\44d85d37ca16b0b3a224.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4ad7c7e8bb8d10a34bb7.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4c6b94fd1d07f8beff7c.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4c761b3711973ab04edf.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4f35fbcc9ee8614c2bcc.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\53d29add4f51cb58cf68.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5571ad00c83ed7c02dfe.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\57f5c1837853986ea1db.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\591.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5adac599c899f8c8e7a5.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5b49f4993ae22d7975b4.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5b7f1191e76219e1b1a6.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5d1a909f3c0b18e897f0.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5e577791088fdf698fe4.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\60b4a28215d22a7d41a3.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\637f22f6137db0081579.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\651.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\65882ad114b64cb3e4c4.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6912698b643838d06158.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\692d5af8b740a53ced1a.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6d3d25f4820d0da8f01f.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6de7d4b539221a49e9e2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6e912113b807d9defcf7.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6eec866c69313624be60.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6fdf0ac577be0ba82a4c.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\70eba12308e7984fd14b.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7120b68615ebe4b28075.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\727f6e5002062e656358.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\73ea273a72f4aca30ca5.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7489a2fbfb9bfe704420.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\75bd363a076f7029be1d.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\763c3b026deaf11f0f62.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7947224e8a9914fa332b.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7bce35126a6372258d77.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7be90d1afea9e1266308.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7d393d382f3e7fb1c637.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7e873d3833eb108a0758.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\8169508bf58f8bd92ad8.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\823d989847c2950d3b26.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\828abcb200061cffbaae.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\8303dd9ea54e07b2677d.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\853be92419a6c3766b9a.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\8723f9d7e62d3b67094f.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\doh_providers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00CBCB18 GetVersion,CreateNamedPipeW,

10_2_00CBCB18

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_00401841 ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,

9_2_00401841

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C20746 GetUserNameW,GetNamedSecurityInfoW,GetNamedSecurityInfoW,GetExplicitEntriesFromAclW,CheckTokenMembership,BuildExplicitAccessWithNameW,SetEntriesInAclW,SetEntriesInAclW,LocalFree,LocalFree,LocalFree,LocalFree,SetNamedSecurityInfoW,SetNamedSecurityInfoW,LocalFree,LocalFree,

10_2_00C20746

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00D4F7E2 GetTimeZoneInformation,

10_2_00D4F7E2

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_00405750 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z,GetVersionExW,GetCommandLineW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??2@YAPAXI@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,_wtol,GetCommandLineW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,_wtol,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA,

9_2_00405750

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Adds / modifies Windows certificates

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
204.79.197.200	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
54.225.130.57	unknown	United States	14618	AMAZON-AESUS	false
23.61.11.143	unknown	United States	20940	AKAMAI-ASN1EU	false
142.251.163.188	unknown	United States	15169	GOOGLEUS	false
37.228.108.132	unknown	Norway	39832	NO-OPERANO	false
142.251.111.104	unknown	United States	15169	GOOGLEUS	false
82.145.216.15	unknown	United Kingdom	39832	NO-OPERANO	false
172.253.115.147	unknown	United States	15169	GOOGLEUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
107.167.96.30	unknown	United States	53755	IOFLOODUS	false
107.167.96.31	unknown	United States	53755	IOFLOODUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.31.138	unknown	United States	15169	GOOGLEUS	false
142.251.163.119	unknown	United States	15169	GOOGLEUS	false
172.253.63.95	unknown	United States	15169	GOOGLEUS	false
37.228.108.144	unknown	Norway	39832	NO-OPERANO	false
104.45.184.134	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.253.63.102	unknown	United States	15169	GOOGLEUS	false
172.253.122.94	unknown	United States	15169	GOOGLEUS	false
88.208.5.115	unknown	Netherlands	39572	ADVANCEDHOSTERS-ASNL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
107.167.110.218	unknown	United States	21837	OPERASOFTWAREUS	false
107.167.110.216	unknown	United States	21837	OPERASOFTWAREUS	false
23.48.104.107	unknown	United States	20940	AKAMAI-ASN1EU	false
107.167.110.211	unknown	United States	21837	OPERASOFTWAREUS	false
23.61.11.162	unknown	United States	20940	AKAMAI-ASN1EU	false
104.18.7.134	unknown	United States	13335	CLOUDFLARENETUS	false
13.107.21.200	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.16.156	unknown	United States	15169	GOOGLEUS	false
96.6.42.17	unknown	United States	20940	AKAMAI-ASN1EU	false
104.18.8.172	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.167.95	unknown	United States	15169	GOOGLEUS	false
185.26.182.111	unknown	Norway	39832	NO-OPERANO	false
104.18.10.89	unknown	United States	13335	CLOUDFLARENETUS	false
18.160.41.53	unknown	United States	3	MIT-GATEWAYSUS	false
185.26.182.112	unknown	Norway	39832	NO-OPERANO	false
172.64.162.29	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.167.156	unknown	United States	15169	GOOGLEUS	false
104.18.6.134	unknown	United States	13335	CLOUDFLARENETUS	false
192.229.211.108	unknown	United States	15133	EDGECASTUS	false
3.21.115.179	unknown	United States	16509	AMAZON-02US	false
142.251.16.97	unknown	United States	15169	GOOGLEUS	false
104.78.188.21	unknown	United States	16625	AKAMAI-ASUS	false
107.167.125.189	unknown	United States	21837	OPERASOFTWAREUS	false
99.84.191.43	unknown	United States	16509	AMAZON-02US	false
23.222.79.195	unknown	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.5
127.0.0.1

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Virustotal: Detection: 43%			Perma Link

Cryptography

Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_e4d5cbb3-8

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858040.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858956.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329191920.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191955376.log	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\license.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\aria.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\background_worker.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\command_line.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\prompt.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\webpage_content_reporter.js.LICENSE.txt

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000D.00000000.2625467719.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000D.00000002.2912907901.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628685156.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2927392639.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &NoreCommonProxyStub.pdb` source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000971000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000014.00000002.2851904218.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000014.00000000.2730619162.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: .exe.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: oreCommonProxyStub.pdb source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .dll.pdbbC:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization.pdb` source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: oreCommonProxyStub.pdb8 source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: elbase.pdb` source: opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `ser.dll.pdbREG_SZ source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: 4D0E03503C68E569FAA6DC931.pdb source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000015.00000000.2733582758.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000015.00000002.2798211012.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: a_browser.dll.pdb` source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,	9_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,	9_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	10_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF9AE2 FindFirstFileExW,	10_2_00CF9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	11_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF9AE2 FindFirstFileExW,	11_2_00CF9AE2

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Software Vulnerabilities

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 4x nop then movd mm0, dword ptr [edx]		10_2_00CA9970
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 4x nop then movd mm0, dword ptr [edx]		11_2_00CA9970

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 204.79.197.200 204.79.197.200
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40

Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "favicon_url": "https://www.rambler.ru/favicon.ico", equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "favicon_url": "https://www.yahoo.co.jp/favicon.ico", equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %t www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %\|0www.yahoo.co.jp/favicon.ico equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: -5FD9-449D-BC75-77CA217403AEMT%t www.rambler.ru/favicon.icoMT%tP-6733-479C-9086-7B21A2292DDAMT%t equals www.rambler.ru (Rambler)
Source: OperaGXSetup.exe	String found in binary or memory: hatsapp.com/legal; and c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/l equals www.facebook.com (Facebook)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: search.yahoo.com/favicon.icoMT%\|-8BF3-11E2-9E96-0800200C9A66MT%\|0www.yahoo.co.jp/favicon.icoMT%\| equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000D.00000002.2909496035.00004D5400250000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: www.rambler.ru/favicon.icoMT%t equals www.rambler.ru (Rambler)

Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8291
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8297
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8417
Source: OperaGXSetup.exe	String found in binary or memory: http://autoupdate-staging.services.ams.osa/
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2254727628.00000000041F9000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: OperaGXSetup.exe, 00000003.00000002.2876049672.00000000041ED000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedR
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: explorer.exe, 00000011.00000000.2700552070.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2254727628.00000000041F9000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.dig-
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: OperaGXSetup.exe, 00000003.00000002.2876049672.00000000041ED000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://localhost:3001api/prefs/?product=$1&version=$2..
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329653768.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000002.2868631396.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2254727628.00000000041F9000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258206440.0000000036468000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000011.00000000.2707241317.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: explorer.exe, 00000011.00000000.2706420448.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2706461577.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2705925353.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: explorer.exe, 00000011.00000000.2719335016.000000000C8B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2254642691.00000000041F0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2876553319.000000000420E000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000003.00000003.2322618930.000000000420A000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2842408108.000000000420D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.kymoto.org
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.kymoto.orgAbout
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.kymoto.orgAcerca
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258300885.000000003634C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2058322710.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000574000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000DB4000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000574000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635989187.000001D885A43000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2913720158.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F9CE000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000013.00000003.2737224538.0000020C10421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com0
Source: opera.exe, 00000015.00000002.2773390727.00000243C5AB7000.00000002.00000001.00040000.00000024.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.spotify.com/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.youtube.com
Source: explorer.exe, 00000011.00000000.2711336676.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/0239ef3d7c95570d61b12b2fb509af435ccc2131/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/0f0e5f62d66c60ed333aca63dd12b74d89b1197f/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/13655f413caacdcc677b24dc0c615d1f5328d6a3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/175c553e1afe06b6eba448d5d51821f3b3200c23/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/1eccff548be9e5afea58974ea48f09611bb0971f/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/2f7d465d32db944b1a50d34569ecc10aa71d7b1b/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/313b7f796952f2b34bf6bce6ba10a7b51bd18913/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/3ed7347a5e10c404ea6cb96281265ff23092cf8f/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/434b0a6daa530638a964132e86b8a01d7b39aa7c/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/47495671858c844787b75a7b65d83bf0f4daa0b7/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/47ac1e141dfbb826480ad739f82202f33942e3a9/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/4d3d8f7f070d279fbe0d2795e10e69fbab5d3824/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/505f20c0ceb331ebec9f6b8d9def5e0f59be4612/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/5a244c9761df69fd3c6925ff8f639d24e28b1169/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/626b4fd1d224c0f6344647a9049bdade45c11e10/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7090985e32fa004ea7f01e519549d5bb07e36e57/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7537081f498da9b83d5905e8a6aa77283f222bc3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7ce8277c35ac7d51701decad652c060741bd7e48/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/7d5c2a2d6136fbf166211d5183bf66214a247f31/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/80c7dd8db07f193d40005f1a4c59dbc922d41bbc/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/9972667e4a17fabc1af14d8a388078a2069c5be3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/aaa83eac6890a9a6e2273ea51d6f2f2915b1a019/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/aad01b6c6f7f2f01bea6584af044c96d8850f748/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/ad5beaae2fc679ccba1db1f7b3c9503d8da6ec70/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/cf1b58b29b4efc97d4cd45328f0ab79f541469d4/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/d31e12a38bccc4ce61b2fe8e6fd3160ec5191274/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/d62bc2d4349d61e94daa48a5c49b897f6bfcd166/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/d7966d331216ef6a7affdecb3ee81600ba5c34d3/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2635441252.000001D885A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/e27cf3ebc2172a1a7d9cb6978a031ef52ed55596/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/e3f47f1911ec0c9b987871ea7bc7da7525594997/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/fd1ad64e991dece2a0e4b2c8d5b45d22d513bd8b/
Source: explorer.exe, 00000011.00000000.2704927087.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8300
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8417
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.browser.yandex.ua/suggest/get?part=
Source: explorer.exe, 00000011.00000000.2707241317.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000011.00000000.2704927087.0000000007637000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://appleid.apple.com
Source: explorer.exe, 00000011.00000000.2702026651.00000000035FA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml
Source: assistant_installer.exe, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/.opera.comOpera
Source: OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera
Source: OperaGXSetup.exe, 00000003.00000002.2876049672.00000000041ED000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329653768.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2868631396.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79
Source: OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79Y
Source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/developernightlyStableinstaller_prefs.jsonNightlyDeveloperNextStabl
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/geolocation/
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/geolocation/5e
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://browser-notifications.opera.com/api/v1/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://browser-notifications.opera.com/api/v1/333333
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/D
Source: OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/a
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/l
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://config.gx.games/v0/config
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://config.gx.games/v0/config?utm_campaign=PWN_US_PB4_3742&utm_medium=pa&utm_source=PWNgames&pro
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://config.gx.games/v0/configeditionutm_campaign=%s&utm_medium=%s&utm_source=%s&product=%s&chann
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://consent.youtube.com
Source: assistant_installer.exe, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: assistant_installer.exe, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: installer.exe, 0000000E.00000002.2921864598.000001D74CF70000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2919717296.00004A5000238000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000015.00000003.2747900384.00006084002E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit
Source: OperaGXSetup.exe, 00000004.00000002.2888087861.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000004.00000003.2885355182.000000002C02C000.00000004.00001000.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2921864598.000001D74CF79000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2919717296.00004A5000238000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit--annotation=channel=Stable--annotation=plat=
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit/
Source: OperaGXSetup.exe, 00000004.00000002.2888935161.000000002C024000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit0x2e4
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005140000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit1
Source: installer.exe, 0000000E.00000002.2926616195.00004A50002C4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitJP
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D67000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D67000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitOperaDesktopGX
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005140000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitll$
Source: assistant_installer.exe, 0000000B.00000002.2288172997.0000000005148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitr
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/SysWOW64
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/Xw
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/appxBundleSipPutSignedDataMsgniuid=Dll-f522-46c3
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/etUrlCache
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/N
Source: OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C54000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary$
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary&
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary(
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary)
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary0
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary8
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarye
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software
Source: OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software3
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwareV
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwarep
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryey.netLMEMP
Source: OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryfU
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryh
Source: OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryiW
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryj
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryp
Source: OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarypn
Source: OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryyV
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/4
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/R
Source: OperaGXSetup.exe, 00000003.00000002.2868119126.0000000000C72000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843688988.0000000000C72000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849151827.000000003622A000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
Source: OperaGXSetup.exe, 00000003.00000003.2843688988.0000000000C62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=65442&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_U
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download3.operacdn.com/
Source: OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-1/1698947853-custom_partner_cont
Source: OperaGXSetup.exe, 00000003.00000003.2087266746.00000000041FC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/
Source: OperaGXSetup.exe, 00000003.00000003.2322618930.00000000041EE000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329765016.00000000041EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/ftp/pub/.assistant_gx/73.0.3856.382/Opera_GX_assistant_73.0.3856.382_
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C51000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087414766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087266746.00000000041EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/ftp/pub/opera_gx/107.0.5045.79/win/Opera_GX_107.0.5045.79_Autoupdate_
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000003.2708034650.00004D5400360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://extension-updates.opera.com/api/omaha/update/
Source: installer.exe, 0000000D.00000003.2708034650.00004D5400360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://extension-updates.opera.com/api/omaha/update/MT6L
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071654247.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/
Source: OperaGXSetup.exe, 00000003.00000003.2071654247.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/C
Source: OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/Q
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=a818e77b-17e4-452c-91
Source: OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=a818e77b-i
Source: OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/cy
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gaana.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io)
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io/en/education.
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://gamemaker.io/en/get.
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://help.instagram.com/581066165581870;
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000012.00000002.2766223989.000060EC00288000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://help.opera.com/latest/
Source: launcher.exe, 00000012.00000002.2766223989.000060EC00288000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://help.opera.com/latest/https://www.opera.com/gx/https://www.opera.com/gx/
Source: opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://help.opera.com/latest/https://www.opera.com/gx/https://www.opera.com/gx/org.chromium.trace_e
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/288119108
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292282210
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292285899
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/309028728
Source: opera.exe, 0000001C.00000003.2793241123.00006E54023AC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000000.1959021067.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lamertang.com/4-peali-c1d-eny0-f8i
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/eula/computers
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/privacy
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/privacy.
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/terms
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://legal.opera.com/terms.
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://listen.tidal.com/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://listen.tidal.com/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.tidal.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/at/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/au/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/be/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/bg/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/br/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/by/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ca/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ch/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/cn/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/cz/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/de/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/dk/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/eg/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/es/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/fi/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/fr/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/gb/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/hu/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/id/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/in/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/it/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/jp/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ke/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/kr/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/kz/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ma/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/mx/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/my/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ng/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/nl/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/no/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ph/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/pl/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ro/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/rs/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ru/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/se/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/sg/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/sk/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/th/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/tr/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/ua/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/us/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/vn/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.apple.com/za/browse
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://music.youtube.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nova.rambler.ru/suggest?v=3&query=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://oauth.play.pl/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://offer.tidal.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://open.spotify.com
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://opera.com/privacy
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://partners-offapi.net/apiBundle/geo?sourceID=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1959440394.0000000002540000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1964992515.00000000035E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://partners-offapi.net/apiBundle/stpstat?
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://policies.google.com/terms;
Source: explorer.exe, 00000011.00000000.2711336676.000000000C460000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://redir.opera.com/amazon/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://redir.opera.com/search/rambler/?q=
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://redir.opera.com/uninstallsurvey/
Source: OperaGXSetup.exe, 00000003.00000002.2883636587.00000000362D0000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2846781095.0000000036360000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2847065121.00000000362E0000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849151827.000000003622A000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000D.00000002.2910949110.00004D54002EC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB4_3742&utm_content=3742_set
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.seznam.cz/?q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.co.jp/search?ei=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/search?ei=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://smolecular.icu/tfg/?src=setupIO
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://soundcloud.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://sourcecode.opera.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://suggest.yandex.com.tr/suggest-opera?part=
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://telegram.org/tos/
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://translate.yandex.fr/?text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://translate.yandex.net/main/v2.92.1465389915/i/favicon.ico
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=se
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=setupio&s
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=setupio&sub2=31120
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://twitter.com/en/tos;
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/oauth
Source: explorer.exe, 00000011.00000000.2707241317.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/)s
Source: explorer.exe, 00000011.00000000.2707241317.00000000099B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comon
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/baidu?wd=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/bg/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/br/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/cz/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/de/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/en/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/es/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/fi/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/fr/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/hu/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/id/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/it/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/mx/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/nl/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/no/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/pl/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/ro/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/ru/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/se/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/sk/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/sr/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/th/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/tr/login
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.deezer.com/us/login
Source: OperaGXSetup.exe, 00000003.00000003.2845554919.0000000036474000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2870614189.0000000001068000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2849481285.000000003620C000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278541806.0000000000700000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: OperaGXSetup.exe, 00000003.00000003.2182012704.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322528834.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2329742679.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2090712500.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2869606187.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2068606370.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2070277997.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2841379432.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2087362255.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2078168773.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843461930.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071466547.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2258071768.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2322594580.0000000000C93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=opera&q=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=opera-gx&q=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1960705178.0000000002680000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1961058453.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1962311586.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.opera.com
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.opera.com..
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/eula/comQnu
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2008449429.0000000000993000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/eula/computers
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 00000012.00000002.2766223989.000060EC00288000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/gx/
Source: installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.opera.com/privacy
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rambler.ru/favicon.ico
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1960705178.0000000002680000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1961058453.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1962311586.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.seznam.cz/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.so.com/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.so.com/s?src=lm&ls=sm2561755&lm_extend=ctype:31&q=
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.000000000018A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009CA000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.000000000018A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.whatsapp.com/legal;
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.yahoo.co.jp/favicon.ico
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com.tr/search/?clid=1669559&text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yandex.fr/search/?clid=2358536&text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yandex.ua/search/?clid=2358536&text=
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/home-static/_/92/929b10d17990e806734f68758ec917ec.png
Source: installer.exe, 0000000D.00000003.2707774182.00004D5400604000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/home-static/_/f4/f47b1b3d8194c36ce660324ab55a04fe.png

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_00408643 SetWindowsHookExW 00000002,Function_00008615,00000000,00000000

9_2_00408643

Installs a global event hook (focus changed)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe

Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe entropy: 7.99999542145	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package entropy: 7.99999542145	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package entropy: 7.99594864967	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\default_dark_theme.zip entropy: 7.99758785849	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-dark.zip entropy: 7.99068917764	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-light.zip entropy: 7.99103298049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-dark.zip entropy: 7.99869813049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-light.zip entropy: 7.99851425914	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\img\portfolio_background.e09645c2.webp entropy: 7.99762050423	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\img\welcome_page_coin_logos.0d4e909e.webp entropy: 7.99152249428	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\f650f111a3b890d116f1.woff2 entropy: 7.99099116763	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\default_dark_theme.zip entropy: 7.99758785849	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\browser.js entropy: 7.99201652294	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-dark.zip entropy: 7.99068917764	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\siteprefs.json entropy: 7.99072559961	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-light.zip entropy: 7.99103298049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-dark.zip entropy: 7.99869813049	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-light.zip entropy: 7.99851425914	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\img\crypto_wallet_background.34d522e0.webp entropy: 7.99397847277	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\73ea273a72f4aca30ca5.woff2 entropy: 7.99266429164	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\assets\twitch-placeholder@x1.png entropy: 7.99139191957	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\39890742bc957b368704.woff2 entropy: 7.99294636507	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_4152286\classic.png entropy: 7.99067960013	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_812821631\GX_Wallpaper_classic.png entropy: 7.99798626337	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1282861814\GX_Wallpaper_Light_classic.png entropy: 7.99720505853	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1587385142\classic.png entropy: 7.99067960013	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1254482314\GX_Wallpaper_classic.png entropy: 7.99798626337	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_106807459\GX_Wallpaper_Light_classic.png entropy: 7.99720505853	Jump to dropped file

System Summary

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C22770: CreateFileW,DeviceIoControl,GetLastError,

10_2_00C22770

Contains functionality to launch a process as a different user

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

10_2_00C64EE0

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00405750	9_2_00405750
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_0041304B	9_2_0041304B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_0040AD40	9_2_0040AD40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00412910	9_2_00412910
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_004132E3	9_2_004132E3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00412F71	9_2_00412F71
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C50EE0	10_2_00C50EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7B18D	10_2_00C7B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7F1B4	10_2_00C7F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7F782	10_2_00C7F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3FBCF	10_2_00D3FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC206C	10_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0A170	10_2_00C0A170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C722C0	10_2_00C722C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C10290	10_2_00C10290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA8257	10_2_00CA8257
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C76390	10_2_00C76390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C38480	10_2_00C38480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6C460	10_2_00C6C460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C54410	10_2_00C54410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D4243A	10_2_00D4243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CDE6D0	10_2_00CDE6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C107C0	10_2_00C107C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C20746	10_2_00C20746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCC718	10_2_00CCC718
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C54730	10_2_00C54730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C548E0	10_2_00C548E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D5C89C	10_2_00D5C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CB8860	10_2_00CB8860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D40864	10_2_00D40864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C8A9F0	10_2_00C8A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D5C954	10_2_00D5C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6940	10_2_00CA6940
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C58AC0	10_2_00C58AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D42ACB	10_2_00D42ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAAA50	10_2_00CAAA50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C72B10	10_2_00C72B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6CB0	10_2_00CA6CB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C16C76	10_2_00C16C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7EDD0	10_2_00C7EDD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6DE0	10_2_00CA6DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF6D0E	10_2_00CF6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C58EC0	10_2_00C58EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAAE80	10_2_00CAAE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D64EB6	10_2_00D64EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCAE18	10_2_00CCAE18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA6F90	10_2_00CA6F90
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C96F50	10_2_00C96F50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA5055	10_2_00CA5055
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCD014	10_2_00CCD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C29180	10_2_00C29180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D41189	10_2_00D41189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC11A6	10_2_00CC11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D43130	10_2_00D43130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CB7280	10_2_00CB7280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C913D4	10_2_00C913D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C57370	10_2_00C57370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA7330	10_2_00CA7330
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C194D2	10_2_00C194D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C654D0	10_2_00C654D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C894F0	10_2_00C894F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC9494	10_2_00CC9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCB436	10_2_00CCB436
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF35F4	10_2_00CF35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAB54D	10_2_00CAB54D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA5540	10_2_00CA5540
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0F504	10_2_00C0F504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C87520	10_2_00C87520
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAB66D	10_2_00CAB66D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C4D7D0	10_2_00C4D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CAB749	10_2_00CAB749
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6D72F	10_2_00C6D72F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA78C0	10_2_00CA78C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6F8B0	10_2_00C6F8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCD98E	10_2_00CCD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CCB934	10_2_00CCB934
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CABAD5	10_2_00CABAD5
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D43A9D	10_2_00D43A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CADA7D	10_2_00CADA7D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0DA78	10_2_00C0DA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CB7B40	10_2_00CB7B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D61B41	10_2_00D61B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6FB00	10_2_00C6FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CABCDD	10_2_00CABCDD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C1BC70	10_2_00C1BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C95DD0	10_2_00C95DD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C93DE0	10_2_00C93DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CE5D00	10_2_00CE5D00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C65D10	10_2_00C65D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C6FD10	10_2_00C6FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA9E80	10_2_00CA9E80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CA7EB0	10_2_00CA7EB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C9FE30	10_2_00C9FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C0FFC0	10_2_00C0FFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3BFB0	10_2_00D3BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C95FB0	10_2_00C95FB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C1DF40	10_2_00C1DF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C77F3A	10_2_00C77F3A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC206C	11_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF6D0E	11_2_00CF6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0A170	11_2_00C0A170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C722C0	11_2_00C722C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C10290	11_2_00C10290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA8257	11_2_00CA8257
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C76390	11_2_00C76390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C38480	11_2_00C38480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6C460	11_2_00C6C460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C54410	11_2_00C54410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D4243A	11_2_00D4243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CDE6D0	11_2_00CDE6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C107C0	11_2_00C107C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C20746	11_2_00C20746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCC718	11_2_00CCC718
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C54730	11_2_00C54730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C548E0	11_2_00C548E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D5C89C	11_2_00D5C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CB8860	11_2_00CB8860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D40864	11_2_00D40864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C8A9F0	11_2_00C8A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D5C954	11_2_00D5C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6940	11_2_00CA6940
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C58AC0	11_2_00C58AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D42ACB	11_2_00D42ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAAA50	11_2_00CAAA50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C72B10	11_2_00C72B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6CB0	11_2_00CA6CB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C16C76	11_2_00C16C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7EDD0	11_2_00C7EDD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6DE0	11_2_00CA6DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C58EC0	11_2_00C58EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C50EE0	11_2_00C50EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAAE80	11_2_00CAAE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D64EB6	11_2_00D64EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCAE18	11_2_00CCAE18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA6F90	11_2_00CA6F90
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C96F50	11_2_00C96F50
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA5055	11_2_00CA5055
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCD014	11_2_00CCD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C29180	11_2_00C29180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7B18D	11_2_00C7B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D41189	11_2_00D41189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC11A6	11_2_00CC11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7F1B4	11_2_00C7F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D43130	11_2_00D43130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CB7280	11_2_00CB7280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C913D4	11_2_00C913D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C57370	11_2_00C57370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA7330	11_2_00CA7330
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C194D2	11_2_00C194D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C654D0	11_2_00C654D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C894F0	11_2_00C894F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC9494	11_2_00CC9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCB436	11_2_00CCB436
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF35F4	11_2_00CF35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAB54D	11_2_00CAB54D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA5540	11_2_00CA5540
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0F504	11_2_00C0F504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C87520	11_2_00C87520
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAB66D	11_2_00CAB66D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C4D7D0	11_2_00C4D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7F782	11_2_00C7F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CAB749	11_2_00CAB749
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6D72F	11_2_00C6D72F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA78C0	11_2_00CA78C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6F8B0	11_2_00C6F8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCD98E	11_2_00CCD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CCB934	11_2_00CCB934
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CABAD5	11_2_00CABAD5
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D43A9D	11_2_00D43A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CADA7D	11_2_00CADA7D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0DA78	11_2_00C0DA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3FBCF	11_2_00D3FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CB7B40	11_2_00CB7B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D61B41	11_2_00D61B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6FB00	11_2_00C6FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CABCDD	11_2_00CABCDD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C1BC70	11_2_00C1BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C95DD0	11_2_00C95DD0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C93DE0	11_2_00C93DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CE5D00	11_2_00CE5D00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C65D10	11_2_00C65D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C6FD10	11_2_00C6FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA9E80	11_2_00CA9E80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CA7EB0	11_2_00CA7EB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C9FE30	11_2_00C9FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C0FFC0	11_2_00C0FFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3BFB0	11_2_00D3BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C95FB0	11_2_00C95FB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C1DF40	11_2_00C1DF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C77F3A	11_2_00C77F3A

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: String function: 004026DC appears 38 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4B9C0 appears 168 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C01741 appears 414 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C58590 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C41BBC appears 34 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C03696 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00D57CF8 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C40C44 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4BEC0 appears 281 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C40AA2 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00D542D0 appears 118 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4BE50 appears 80 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C4C9E0 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00D3A840 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: String function: 00C48B80 appears 56 times

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.6.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: installer.exe.19.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows

PE file contains more sections than normal

Source: opera_crashreporter.exe.6.dr	Static PE information: Number of sections : 13 > 10
Source: libEGL.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: installer.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: mojo_core.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: opera_autoupdate.exe.6.dr	Static PE information: Number of sections : 14 > 10
Source: opera_elf.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: installer.exe.19.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: win10_share_handler.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: opera.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: launcher.exe.13.dr	Static PE information: Number of sections : 13 > 10
Source: opera_browser.dll.6.dr	Static PE information: Number of sections : 15 > 10
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: Number of sections : 15 > 10
Source: notification_helper.exe.6.dr	Static PE information: Number of sections : 12 > 10
Source: opera.exe.13.dr	Static PE information: Number of sections : 11 > 10
Source: launcher.exe.6.dr	Static PE information: Number of sections : 13 > 10
Source: dxcompiler.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.6.dr	Static PE information: Number of sections : 11 > 10
Source: opera_gx_splash.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: installer_helper_64.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: Number of sections : 15 > 10
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: Number of sections : 15 > 10

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1961058453.000000007FE35000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000000.1959121556.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1960705178.0000000002778000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Searches the installation path of Mozilla Firefox

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory

Tries to load missing DLLs

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: twext.dll
Source: C:\Windows\explorer.exe	Section loaded: zipfldr.dll
Source: C:\Windows\explorer.exe	Section loaded: sendmail.dll
Source: C:\Windows\explorer.exe	Section loaded: mydocs.dll
Source: C:\Windows\explorer.exe	Section loaded: acppage.dll
Source: C:\Windows\explorer.exe	Section loaded: sfc.dll
Source: C:\Windows\explorer.exe	Section loaded: msi.dll
Source: C:\Windows\explorer.exe	Section loaded: drprov.dll
Source: C:\Windows\explorer.exe	Section loaded: ntlanman.dll
Source: C:\Windows\explorer.exe	Section loaded: davclnt.dll
Source: C:\Windows\explorer.exe	Section loaded: davhlpr.dll
Source: C:\Windows\explorer.exe	Section loaded: dlnashext.dll
Source: C:\Windows\explorer.exe	Section loaded: playtodevice.dll
Source: C:\Windows\explorer.exe	Section loaded: wpdshext.dll
Source: C:\Windows\explorer.exe	Section loaded: ehstorapi.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: ksuser.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfmp4srcsnk.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: audioses.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: evr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: avrt.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: comppkgsup.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.applicationmodel.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: msauddecmft.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: colorcnv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: msdmo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: dsreg.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: wpnapps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: usermgrcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Section loaded: windows.media.dll

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: sus34.rans.spyw.evad.winEXE@118/1236@0/49

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_00408DD2 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,

9_2_00408DD2

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C2051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		10_2_00C2051B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C2051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		11_2_00C2051B

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_004011FD GetDiskFreeSpaceExW,SendMessageW,

9_2_004011FD

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

9_2_0040388A

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

9_2_00401DF5

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\opera_splash_lock_a7abe095bcfd6dc868442c2e858a30d1
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\oauc_registry_mutex
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

File created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Virustotal: Detection: 43%

Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe	String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe	String found in binary or memory: ran-launcher
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe	String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe	String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe	String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe	String found in binary or memory: Try '%ls --help' for more information.

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Process created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp "C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$1043A,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6bb4623c,0x6bb46248,0x6bb46254
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1396 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329191858" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7005000000000000
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6aeb623c,0x6aeb6248,0x6aeb6254
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0xdb4f48,0xdb4f58,0xdb4f64
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=1396 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=a7abe095bcfd6dc868442c2e858a30d1
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe" --version
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040 --lowered-browser
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --pipeid=oauc_task_piped42b87436846297e467003cba27fe2f4 --version=107.0.5045.79 --producttype --requesttype=automatic --downloaddir="C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B" --installationdatadir="C:\Users\user\AppData\Local\Programs\Opera GX" --operadir="C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79" --installdir="C:\Users\user\AppData\Local\Programs\Opera GX" --user-data-dir="C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" --nometrics --scheduledtask
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=1972 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=2776 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3216 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6e85938fc,0x7ff6e8593908,0x7ff6e8593918
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4364 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4764 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Process created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp "C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$1043A,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --silent --allusers=0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6bb4623c,0x6bb46248,0x6bb46254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1396 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329191858" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7005000000000000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6aeb623c,0x6aeb6248,0x6aeb6254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=1396 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0xdb4f48,0xdb4f58,0xdb4f64	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040 --lowered-browser
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=a7abe095bcfd6dc868442c2e858a30d1
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe" --version
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --pipeid=oauc_task_piped42b87436846297e467003cba27fe2f4 --version=107.0.5045.79 --producttype --requesttype=automatic --downloaddir="C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B" --installationdatadir="C:\Users\user\AppData\Local\Programs\Opera GX" --operadir="C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79" --installdir="C:\Users\user\AppData\Local\Programs\Opera GX" --user-data-dir="C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" --nometrics --scheduledtask
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=1972 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=2776 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3216 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4364 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4764 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6e85938fc,0x7ff6e8593908,0x7ff6e8593918
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: Opera GX Browser .lnk.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk0.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk1.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk2.13.dr	LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

File written: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1605735293\persona.ini

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Automated click: I accept the agreement

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static file information: File size 2182176 > 1048576

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000D.00000000.2625467719.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000D.00000002.2912907901.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628685156.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2927392639.00007FF65F4F1000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: &NoreCommonProxyStub.pdb` source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000003.00000002.2850171237.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.0000000000131000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.0000000000971000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000014.00000002.2851904218.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000014.00000000.2730619162.00007FF7F8645000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: .exe.pdb source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: oreCommonProxyStub.pdb source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: .dll.pdbbC:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization.pdb` source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: oreCommonProxyStub.pdb8 source: opera.exe, 00000015.00000002.2788182722.0000608400264000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: elbase.pdb` source: opera.exe, 00000015.00000002.2787646170.0000608400254000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: `ser.dll.pdbREG_SZ source: opera.exe, 00000015.00000002.2788927719.000060840027C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000002.2922787938.00000000001B0000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: 4D0E03503C68E569FAA6DC931.pdb source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.0000000003415000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000A.00000002.2287318786.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000A.00000000.2279825246.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2287730492.0000000000D95000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000000.2284793354.0000000000D95000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000015.00000000.2733582758.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000015.00000002.2798211012.00007FF69A9C0000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000003.00000000.2054100396.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000000.2056341913.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000000.2059162821.0000000000BC7000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000006.00000000.2062343834.0000000000387000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2065156473.0000000000387000.00000080.00000001.01000000.00000008.sdmp
Source:	Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278137134.00000000036E9000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 00000009.00000003.2278658254.0000000003D80000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000006.00000002.2922787938.0000000000131000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000013.00000000.2728056334.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: a_browser.dll.pdb` source: opera.exe, 00000015.00000002.2787828487.0000608400258000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: opera.exe, 00000015.00000002.2790381999.00006084002B8000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: dxil.dll.6.dr

Static PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo,

9_2_0040239B

PE file contains an invalid checksum

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0x311faa
Source: OperaGXSetup.exe.3.dr	Static PE information: real checksum: 0x36e0d3 should be: 0x36f94c
Source: OperaLib.dll.1.dr	Static PE information: real checksum: 0x0 should be: 0x7f775
Source: is-T2PA3.tmp.1.dr	Static PE information: real checksum: 0x36e0d3 should be: 0x36f94c

PE file contains sections with non-standard names

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Static PE information: section name: .didata
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr	Static PE information: section name: .didata
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818577271396.dll.3.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818579403276.dll.4.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818582525068.dll.5.dr	Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.6.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.6.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.6.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.6.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.6.dr	Static PE information: section name: _RDATA
Source: win10_share_handler.dll.6.dr	Static PE information: section name: .00cfg
Source: win10_share_handler.dll.6.dr	Static PE information: section name: .gxfg
Source: win10_share_handler.dll.6.dr	Static PE information: section name: .retplne
Source: win10_share_handler.dll.6.dr	Static PE information: section name: _RDATA
Source: win8_importing.dll.6.dr	Static PE information: section name: .00cfg
Source: win8_importing.dll.6.dr	Static PE information: section name: .gxfg
Source: win8_importing.dll.6.dr	Static PE information: section name: .retplne
Source: win8_importing.dll.6.dr	Static PE information: section name: _RDATA
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: .00cfg
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: .rodata
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_240329181858612652.dll.6.dr	Static PE information: section name: malloc_h
Source: mojo_core.dll.6.dr	Static PE information: section name: .00cfg
Source: mojo_core.dll.6.dr	Static PE information: section name: .gxfg
Source: mojo_core.dll.6.dr	Static PE information: section name: .retplne
Source: mojo_core.dll.6.dr	Static PE information: section name: _RDATA
Source: notification_helper.exe.6.dr	Static PE information: section name: .00cfg
Source: notification_helper.exe.6.dr	Static PE information: section name: .gxfg
Source: notification_helper.exe.6.dr	Static PE information: section name: .retplne
Source: notification_helper.exe.6.dr	Static PE information: section name: CPADinfo
Source: notification_helper.exe.6.dr	Static PE information: section name: _RDATA
Source: opera.exe.6.dr	Static PE information: section name: .00cfg
Source: opera.exe.6.dr	Static PE information: section name: .gxfg
Source: opera.exe.6.dr	Static PE information: section name: .retplne
Source: opera.exe.6.dr	Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: .00cfg
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: .gxfg
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: .retplne
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: CPADinfo
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: LZMADEC
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.6.dr	Static PE information: section name: malloc_h
Source: opera_browser.dll.6.dr	Static PE information: section name: .00cfg
Source: opera_browser.dll.6.dr	Static PE information: section name: .gxfg
Source: opera_browser.dll.6.dr	Static PE information: section name: .retplne
Source: opera_browser.dll.6.dr	Static PE information: section name: .rodata
Source: opera_browser.dll.6.dr	Static PE information: section name: CPADinfo
Source: opera_browser.dll.6.dr	Static PE information: section name: LZMADEC
Source: opera_browser.dll.6.dr	Static PE information: section name: _RDATA
Source: opera_browser.dll.6.dr	Static PE information: section name: malloc_h
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: .00cfg
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: .gxfg
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: .retplne
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: CPADinfo
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: _RDATA
Source: opera_crashreporter.exe.6.dr	Static PE information: section name: malloc_h
Source: opera_elf.dll.6.dr	Static PE information: section name: .00cfg
Source: opera_elf.dll.6.dr	Static PE information: section name: .gxfg
Source: opera_elf.dll.6.dr	Static PE information: section name: .retplne
Source: opera_elf.dll.6.dr	Static PE information: section name: _RDATA
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: .00cfg
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: .gxfg
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: .retplne
Source: opera_gx_splash.exe.6.dr	Static PE information: section name: _RDATA
Source: CUESDK.x64_2017.dll.6.dr	Static PE information: section name: .00cfg
Source: dxcompiler.dll.6.dr	Static PE information: section name: .00cfg
Source: dxcompiler.dll.6.dr	Static PE information: section name: .gxfg
Source: dxcompiler.dll.6.dr	Static PE information: section name: .retplne
Source: dxcompiler.dll.6.dr	Static PE information: section name: _RDATA
Source: dxil.dll.6.dr	Static PE information: section name: _RDATA
Source: installer.exe.6.dr	Static PE information: section name: .00cfg
Source: installer.exe.6.dr	Static PE information: section name: .gxfg
Source: installer.exe.6.dr	Static PE information: section name: .retplne
Source: installer.exe.6.dr	Static PE information: section name: _RDATA
Source: installer_helper_64.exe.6.dr	Static PE information: section name: .00cfg
Source: installer_helper_64.exe.6.dr	Static PE information: section name: .gxfg
Source: installer_helper_64.exe.6.dr	Static PE information: section name: .retplne
Source: installer_helper_64.exe.6.dr	Static PE information: section name: _RDATA
Source: launcher.exe.6.dr	Static PE information: section name: .00cfg
Source: launcher.exe.6.dr	Static PE information: section name: .gxfg
Source: launcher.exe.6.dr	Static PE information: section name: .retplne
Source: launcher.exe.6.dr	Static PE information: section name: LZMADEC
Source: launcher.exe.6.dr	Static PE information: section name: _RDATA
Source: launcher.exe.6.dr	Static PE information: section name: malloc_h
Source: libEGL.dll.6.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.6.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.6.dr	Static PE information: section name: .retplne
Source: libEGL.dll.6.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.6.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.6.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.6.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.6.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291818588244612.dll.7.dr	Static PE information: section name: malloc_h
Source: assistant_installer.exe.9.dr	Static PE information: section name: .00cfg
Source: assistant_installer.exe.9.dr	Static PE information: section name: .voltbl
Source: assistant_installer.exe.9.dr	Static PE information: section name: CPADinfo
Source: browser_assistant.exe.9.dr	Static PE information: section name: .00cfg
Source: browser_assistant.exe.9.dr	Static PE information: section name: .rodata
Source: browser_assistant.exe.9.dr	Static PE information: section name: .voltbl
Source: browser_assistant.exe.9.dr	Static PE information: section name: CPADinfo
Source: mojo_core.dll.9.dr	Static PE information: section name: .00cfg
Source: mojo_core.dll.9.dr	Static PE information: section name: .voltbl
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .gxfg
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .retplne
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: LZMADEC
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291819548603504.dll.13.dr	Static PE information: section name: malloc_h
Source: opera.exe.13.dr	Static PE information: section name: .00cfg
Source: opera.exe.13.dr	Static PE information: section name: .gxfg
Source: opera.exe.13.dr	Static PE information: section name: .retplne
Source: opera.exe.13.dr	Static PE information: section name: _RDATA
Source: launcher.exe.13.dr	Static PE information: section name: .00cfg
Source: launcher.exe.13.dr	Static PE information: section name: .gxfg
Source: launcher.exe.13.dr	Static PE information: section name: .retplne
Source: launcher.exe.13.dr	Static PE information: section name: LZMADEC
Source: launcher.exe.13.dr	Static PE information: section name: _RDATA
Source: launcher.exe.13.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .gxfg
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .retplne
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: LZMADEC
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291819551826188.dll.14.dr	Static PE information: section name: malloc_h
Source: installer.exe.19.dr	Static PE information: section name: .00cfg
Source: installer.exe.19.dr	Static PE information: section name: .gxfg
Source: installer.exe.19.dr	Static PE information: section name: .retplne
Source: installer.exe.19.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .00cfg
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .gxfg
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .retplne
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: .rodata
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: LZMADEC
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: _RDATA
Source: Opera_installer_2403291820085812316.dll.23.dr	Static PE information: section name: malloc_h

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00412C00 push eax; ret	9_2_00412C2E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CACE90 push 89084589h; iretd	10_2_00CACE95
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3B10C push ecx; ret	10_2_00D3B11F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CACE90 push 89084589h; iretd	11_2_00CACE95
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3B10C push ecx; ret	11_2_00D3B11F

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291820085812316.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818579403276.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\additional_file0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711736396.old (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818588244612.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_240329181858612652.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Opera_GX_assistant_73.0.3856.382_Setup[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819551826188.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\is-T2PA3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818582525068.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819548603504.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	File created: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818577271396.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858040.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191858956.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329191920.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329191955376.log	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	File created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\license.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\aria.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\background_worker.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\command_line.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\prompt.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File created: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\webpage_content_reporter.js.LICENSE.txt

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Stores large binary data to the registry

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C6A6D0 rdtsc

10_2_00C6A6D0

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Thread delayed: delay time: 922337203685477

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819551826188.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\0EA40E5AB06B\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291820085812316.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818582525068.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291819548603504.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818579403276.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\opera_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818577271396.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291818588244612.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_240329181858612652.dll	Jump to dropped file

Found evaded block containing many API calls

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Evaded block: after key decision

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	API coverage: 5.8 %
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	API coverage: 5.2 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp TID: 5784	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp TID: 5784	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe TID: 6628	Thread sleep time: -922337203685477s >= -30000s

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\blob_storage\1e19d893-ff31-4664-bfc4-34501f4bb978 FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Local\Opera Software\Opera GX Stable\System Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	File Volume queried: C:\Users\user\AppData\Local\Opera Software\Opera GX Stable\Cache\Cache_Data FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,	9_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: 9_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,	9_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	10_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CF9AE2 FindFirstFileExW,	10_2_00CF9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C69120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,	11_2_00C69120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CF9AE2 FindFirstFileExW,	11_2_00CF9AE2

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local\Temp\.opera	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: explorer.exe, 00000011.00000000.2704927087.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: explorer.exe, 00000011.00000000.2707241317.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0r
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000011.00000000.2700552070.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
Source: explorer.exe, 00000011.00000000.2704927087.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: explorer.exe, 00000011.00000000.2719335016.000000000C908000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATAW
Source: OperaGXSetup.exe, 00000003.00000002.2868119126.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2071672649.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000003.2843688988.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000C25000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2707241317.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000011.00000000.2702026651.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware,p
Source: OperaGXSetup.exe, 00000003.00000002.2866378247.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Prod_VMware_SATAa
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: explorer.exe, 00000011.00000000.2700552070.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000011.00000000.2704927087.000000000769A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe

Process information queried: ProcessInformation

Anti Debugging

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C6A6D0 rdtsc

10_2_00C6A6D0

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C66AE0 GetCurrentThread,IsDebuggerPresent,GetCurrentThreadId,__Init_thread_header,GetModuleHandleW,GetProcAddress,

10_2_00C66AE0

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo,

9_2_0040239B

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D597FB mov eax, dword ptr fs:[00000030h]	10_2_00D597FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D47C65 mov eax, dword ptr fs:[00000030h]	10_2_00D47C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D597FB mov eax, dword ptr fs:[00000030h]	11_2_00D597FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D47C65 mov eax, dword ptr fs:[00000030h]	11_2_00D47C65

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,	10_2_00C7AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00CC206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,_strlen,	10_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,	10_2_00C7C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D3A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00D3A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C7ACEE GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,	10_2_00C7ACEE
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00C11C00 SetUnhandledExceptionFilter,	10_2_00C11C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 10_2_00D4BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00D4BE76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00CC206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,_strlen,	11_2_00CC206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,	11_2_00C7C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D3A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00D3A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C7AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,	11_2_00C7AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00C11C00 SetUnhandledExceptionFilter,	11_2_00C11C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: 11_2_00D4BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00D4BE76

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryAttributesFile: Direct from: 0x76EF2E6C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtCreateMutant: Direct from: 0x76EF35CC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtMapViewOfSection: Direct from: 0x76EF2D1C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenSection: Direct from: 0x76EF2E0C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtDeviceIoControlFile: Direct from: 0x76EF2AEC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtAddAtomEx: Direct from: 0x76EF312C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryValueKey: Direct from: 0x76EF2BEC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtSetInformationThread: Direct from: 0x76EF2ECC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtCreateFile: Direct from: 0x76EF2FEC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenFile: Direct from: 0x76EF2DCC
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtQueryInformationProcess: Direct from: 0x76EF2C26
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenKeyEx: Direct from: 0x76EF3C9C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtOpenKeyEx: Direct from: 0x76EF2B9C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtClose: Direct from: 0x76EF2B6C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtSetInformationProcess: Direct from: 0x76EF2C5C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtReadVirtualMemory: Direct from: 0x76EF2E8C
Source: C:\Program Files (x86)\iVbaHhMGgjRPQdstHmqQTgkbxiYBLxBpyzsEuAKAsKqyZeBOViMTYbkOnfuIVKzSyxpCQrvLHujso\koksDTqWjvmuJdFhyPGiECl.exe	NtProtectVirtualMemory: Direct from: 0x76EF2F9C

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-TG3DC.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --silent --allusers=0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6bb4623c,0x6bb46248,0x6bb46254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1396 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329191858" --session-guid=8ddbc8bc-ca9a-4c2b-a001-468713504759 --server-tracking-blob=NGFjMjBjZGM2OTE2N2RiNmJlYjJmY2M2YTBmZDdmMDY4ZjE3N2Y3OWFjNmExN2RhOTU2NGUyNWUyOTFkYjhlNjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzYzMzYuNTM0NCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4MDVjOTQ2ZWM3YzU0NjgwYjM3ZjU4MmQ1OGRlMTgzMCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImFiN2E4MGUwLWY1MjItNDZjMy1iYzdlLWQxNzkzYjIwNDhlMiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7005000000000000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6aeb623c,0x6aeb6248,0x6aeb6254	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0xdb4f48,0xdb4f58,0xdb4f64	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff8a8dad180,0x7ff8a8dad18c,0x7ff8a8dad198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=a7abe095bcfd6dc868442c2e858a30d1 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ff8a6189628,0x7ff8a6189638,0x7ff8a6189648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=1972 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=2776 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3216 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4364 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --enable-quic --no-appcompat-clear --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --mojo-platform-channel-handle=4764 --field-trial-handle=1860,i,17205455559367761425,8087887266479412671,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6e85938fc,0x7ff6e8593908,0x7ff6e8593918

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Code function: 9_2_0040247A AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

9_2_0040247A

Source: installer.exe, 0000000D.00000003.2638115252.000001D8873D1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000012.00000000.2711688977.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 00000012.00000002.2770887188.00007FF7385C4000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: Cannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000011.00000000.2707241317.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd=
Source: installer.exe, 0000000D.00000000.2625540919.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000000.2628833836.00007FF65F517000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: OperaGXSetup.exe, 00000003.00000002.2850171237.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000004.00000002.2885993218.00000000001B0000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000002.2061459211.00000000009F0000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000D.00000002.2906158946.000001D8874C6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000011.00000000.2704546993.0000000004B00000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: OperaGXSetup.exe, installer.exe, 0000000D.00000002.2908402486.000001D88844A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000011.00000000.2701335122.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: installer.exe, 0000000D.00000002.2905358133.000001D887438000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager_1
Source: explorer.exe, 00000011.00000000.2700552070.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PProgman
Source: installer.exe, 0000000D.00000002.2903459350.000001D885A78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Progmant
Source: explorer.exe, 00000011.00000000.2707007143.000000000946C000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndes

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00C71220 cpuid

10_2_00C71220

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe	Code function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,	9_2_004021B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: GetLocaleInfoW,	10_2_00D5769C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe	Code function: GetLocaleInfoW,	11_2_00D5769C

Queries the product ID of Windows

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\installer_prefs_include.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\files_list VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\root_files_list VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\files_list VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\pref_default_overrides VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\ab_tests.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\video_conference_popout.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\browser.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\partner_speeddials.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\siteprefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1605735293\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1605735293\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_808861689\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_808861689\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Web\Wallpaper\Windows\img0.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_850653473\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_850653473\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_4152286\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_4152286\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_812821631\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_812821631\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1282861814\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1282861814\GX_Wallpaper_Light_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1458538868\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1458538868\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1587385142\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1587385142\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1254482314\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1254482314\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_106807459\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_106807459\GX_Wallpaper_Light_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\cfb3ebf5-c309-4af9-9fd1-ff20a23468ef.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\ScriptCache\4cb013792b196a35_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_597946959\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_597946959\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\es\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\es_419\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_1960165041\CRX_INSTALL\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\history-tags.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\main.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\startpage_test_function.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\targeted_sd_section.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\be\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es_419\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\avatar-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\checkbox.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\close.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\cover-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-arrow.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-logo.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\list-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\no-avatar.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\notification.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\search.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\settings.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\tile-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x1.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x2.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\common.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\input_styles.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\dummy_steamer_data.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch128.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\template.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\colors.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\preferences.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\sounds.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\stats.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\twitch_api.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\utils.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\volume.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_280866610\CRX_INSTALL\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir5144_142773148\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0108e89c9003e8c14ea3.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\017c29dbc4d9f1f201e9.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\01ac8450057de556853b.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\02271ec5cb9f5b4588ac.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0246e88ab3b60542f582.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0264fb02c65c7cc33355.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\046461fc1a778fe43d99.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\073b3402d036714b4370.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0c3b8929d377c0e9b2f3.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0eebbdfb27d542c486ce.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\13a27524bd914f383b14.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\169.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\172d3529b26f8cedef6b.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1b3b83dac50be6b9c503.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1e1c0e29b79b49a6ff4d.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1e649c8a03d6232a688c.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\20f389c4120be058d80a.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\211.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\212532323374ae2448ec.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2179f0be6a7943d619de.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2573fae744f00a3822ff.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2960900c4f271311eb36.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2b1d5bea6b59d7df7543.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2d0dbf42750207f78ffa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2e7fc7bc27f14936d460.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2f7bc363fc5424ebda59.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\354501bac435c3264834.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\36c7b8b5ca8e5fb1c18c.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3732873d6bcc644421fa.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\395.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\39890742bc957b368704.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3a99e70aee4076660d38.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3be6ad1b3df0e5831c59.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3d0614224103268f2be7.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3dcbef40ef1b04e21951.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3f07ed67f06c720120ce.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\428978dc7837d46de091.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\44d85d37ca16b0b3a224.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4ad7c7e8bb8d10a34bb7.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4c6b94fd1d07f8beff7c.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4c761b3711973ab04edf.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4f35fbcc9ee8614c2bcc.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\53d29add4f51cb58cf68.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5571ad00c83ed7c02dfe.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\57f5c1837853986ea1db.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\591.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5adac599c899f8c8e7a5.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5b49f4993ae22d7975b4.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5b7f1191e76219e1b1a6.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5d1a909f3c0b18e897f0.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5e577791088fdf698fe4.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\60b4a28215d22a7d41a3.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\637f22f6137db0081579.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\651.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\65882ad114b64cb3e4c4.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6912698b643838d06158.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\692d5af8b740a53ced1a.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6d3d25f4820d0da8f01f.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6de7d4b539221a49e9e2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6e912113b807d9defcf7.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6eec866c69313624be60.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\6fdf0ac577be0ba82a4c.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\70eba12308e7984fd14b.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7120b68615ebe4b28075.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\727f6e5002062e656358.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\73ea273a72f4aca30ca5.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7489a2fbfb9bfe704420.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\75bd363a076f7029be1d.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\763c3b026deaf11f0f62.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7947224e8a9914fa332b.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7bce35126a6372258d77.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7be90d1afea9e1266308.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7d393d382f3e7fb1c637.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\7e873d3833eb108a0758.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\8169508bf58f8bd92ad8.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\823d989847c2950d3b26.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\828abcb200061cffbaae.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\8303dd9ea54e07b2677d.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\853be92419a6c3766b9a.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\8723f9d7e62d3b67094f.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\doh_providers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00CBCB18 GetVersion,CreateNamedPipeW,

10_2_00CBCB18

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

9_2_00401841

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

10_2_00C20746

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\assistant_installer.exe

Code function: 10_2_00D4F7E2 GetTimeZoneInformation,

10_2_00D4F7E2

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291918581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

9_2_00405750

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Adds / modifies Windows certificates

Source: C:\Users\user\AppData\Local\Temp\is-NM93K.tmp\OperaGXSetup.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

ID:	1417615
Product:	CloudBasic
Start time:	19:18:05
Start date:	29.03.2024
Sample:	SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	dbb69ee00786bed3e12a04518e0f469a
SHA1:	40a82d88b06e6be8ba82fab34b4a29305466202a
SHA256:	dbc32537a29f5eba5406aa3f2ae409eb52ea904e76c19a74bfb480a8c8c63d69
Filetype:	Win32 Executable (generic) a (10002005/4) 98.04%

Windows Analysis Report SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

AV Detection

Cryptography

Privilege Escalation

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report
SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe