Windows Analysis Report
SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Overview

General Information

Sample name: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Analysis ID: 1417615
MD5: dbb69ee00786bed3e12a04518e0f469a
SHA1: 40a82d88b06e6be8ba82fab34b4a29305466202a
SHA256: dbc32537a29f5eba5406aa3f2ae409eb52ea904e76c19a74bfb480a8c8c63d69
Tags: exe

Detection

Score: 38
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 35
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Found direct / indirect Syscall (likely to bypass EDR)
Installs a global event hook (focus changed)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Writes many files with high entropy
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Stores large binary data to the registry
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

AV Detection

Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Virustotal: Detection: 47%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_8ccf0acf-0
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe

Compliance

Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193551250.log
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193552126.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329193613.log
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193645809.log
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\license.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\service.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\web3\provider.js.LICENSE.txt
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000E.00000000.2683061384.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2863845634.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877353306.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000000.2686209826.00007FF709791000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sers\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localizationl.pdb source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.00000000009E1000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000020.00000000.2775392213.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000020.00000002.2787815386.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: .exe.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: user32.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000021.00000002.2822156056.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000021.00000000.2786569147.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: 04AB974B14C4C44205044422E1.pdb source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: rrcsBizXUHISSeck.exe, 00000013.00000000.2738914318.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2739979138.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000015.00000000.2740890446.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000016.00000000.2742095852.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000017.00000000.2742916243.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000018.00000000.2743982933.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000019.00000000.2744605604.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001A.00000000.2748351683.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001B.00000000.2752037220.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001C.00000000.2754018968.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001E.00000000.2755480524.00000000005AE000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: a_browser.dll.pdbs source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb~ source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ase.pdbs source: opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sbbdll.pdbREG_SZ source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime, 10_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z, 10_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 11_2_00349120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_003D9AE2 FindFirstFileExW, 11_2_003D9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 12_2_00349120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003D9AE2 FindFirstFileExW, 12_2_003D9AE2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local\Temp\.opera
Source: Joe Sandbox View IP Address: 37.228.108.133 37.228.108.133
Source: Joe Sandbox View IP Address: 23.48.203.201 23.48.203.201
Source: Joe Sandbox View IP Address: 104.18.8.172 104.18.8.172
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "favicon_url": "https://www.rambler.ru/favicon.ico", equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "favicon_url": "https://www.yahoo.co.jp/favicon.ico", equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: %t www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: %t www.rambler.ru/favicon.icou equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: %|0www.yahoo.co.jp/favicon.ico equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: %|0www.yahoo.co.jp/favicon.icou equals www.yahoo.com (Yahoo)
Source: OperaGXSetup.exe String found in binary or memory: hatsapp.com/legal; and c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/l equals www.facebook.com (Facebook)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.rambler.ru/favicon.icou equals www.rambler.ru (Rambler)
Source: OperaGXSetup.exe String found in binary or memory: http://autoupdate-staging.services.ams.osa/
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.0000000005001000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 
00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.0000000000827000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2152678644.0000000001A4F000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: explorer.exe, 00000012.00000000.2716962759.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.2714462125.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.2715119137.0000000008720000.00000002.00000001.00040000.00000000.sdmp String found in binary or memory: http://schemas.micro
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.0000000000827000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2152678644.0000000001A4F000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.0000000005001000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, 
Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.kymoto.org
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002398000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.kymoto.orgA
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.kymoto.orgAbout
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.kymoto.orgAcerca
Source: OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opera.com
Source: OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opera.com(
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2857162913.000001CCDEC4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 
0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opera.com0
Source: OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opera.comp
Source: opera.exe, 00000021.00000002.2809563417.000001D7B5870000.00000002.00000001.00040000.00000021.sdmp String found in binary or memory: http://www.unicode.org/copyright.html
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/?q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://accounts.spotify.com/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://accounts.youtube.com
Source: explorer.exe, 00000012.00000000.2719255948.000000000C893000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp String found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/0239ef3d7c95570d61b12b2fb509af435ccc2131/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/0f0e5f62d66c60ed333aca63dd12b74d89b1197f/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/13655f413caacdcc677b24dc0c615d1f5328d6a3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/175c553e1afe06b6eba448d5d51821f3b3200c23/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/1eccff548be9e5afea58974ea48f09611bb0971f/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/2f7d465d32db944b1a50d34569ecc10aa71d7b1b/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/313b7f796952f2b34bf6bce6ba10a7b51bd18913/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/3ed7347a5e10c404ea6cb96281265ff23092cf8f/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/434b0a6daa530638a964132e86b8a01d7b39aa7c/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/47495671858c844787b75a7b65d83bf0f4daa0b7/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/47ac1e141dfbb826480ad739f82202f33942e3a9/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/4d3d8f7f070d279fbe0d2795e10e69fbab5d3824/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/505f20c0ceb331ebec9f6b8d9def5e0f59be4612/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/5a244c9761df69fd3c6925ff8f639d24e28b1169/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/626b4fd1d224c0f6344647a9049bdade45c11e10/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/7090985e32fa004ea7f01e519549d5bb07e36e57/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/7537081f498da9b83d5905e8a6aa77283f222bc3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/7ce8277c35ac7d51701decad652c060741bd7e48/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/7d5c2a2d6136fbf166211d5183bf66214a247f31/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/80c7dd8db07f193d40005f1a4c59dbc922d41bbc/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/9972667e4a17fabc1af14d8a388078a2069c5be3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/aaa83eac6890a9a6e2273ea51d6f2f2915b1a019/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/aad01b6c6f7f2f01bea6584af044c96d8850f748/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/ad5beaae2fc679ccba1db1f7b3c9503d8da6ec70/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/cf1b58b29b4efc97d4cd45328f0ab79f541469d4/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/d31e12a38bccc4ce61b2fe8e6fd3160ec5191274/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/d62bc2d4349d61e94daa48a5c49b897f6bfcd166/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/d7966d331216ef6a7affdecb3ee81600ba5c34d3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/e27cf3ebc2172a1a7d9cb6978a031ef52ed55596/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/e3f47f1911ec0c9b987871ea7bc7da7525594997/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://addons.opera.com/extensions/download/fd1ad64e991dece2a0e4b2c8d5b45d22d513bd8b/
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOS
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.browser.yandex.ua/suggest/get?part=
Source: explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2712661824.0000000003700000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000012.00000000.2715945417.00000000096DF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://appleid.apple.com
Source: explorer.exe, 00000012.00000000.2715945417.00000000096DF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/eula/computers
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/privacy
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/privacy.
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003D0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D11000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/terms
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/terms.
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://listen.tidal.com/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://listen.tidal.com/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://login.tidal.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/at/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/au/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/be/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/bg/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/br/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/by/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ca/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ch/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/cn/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/cz/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/de/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/dk/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/eg/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/es/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/fi/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/fr/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/gb/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/hu/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/id/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/in/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/it/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/jp/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ke/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/kr/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/kz/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ma/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/mx/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/my/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ng/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/nl/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/no/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ph/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/pl/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ro/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/rs/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ru/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/se/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/sg/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/sk/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/th/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/tr/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ua/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/us/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/vn/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/za/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.youtube.com
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=OFT&utm_campaign=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=OFT&utm_campaign=31121
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=OFT&utm_campaign=Downloading
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.000000000241C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/opera_gx/stable/edition/std-1=31120
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D4E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.000000000369F000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.000000000244B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/opera_gx/stable/edition/std-1?utm_source=PWNgames&utm_medium=pa&utm_campai
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.000000000242D000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com8R7/KLRL579/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D47000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com:443
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nova.rambler.ru/suggest?v=3&query=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://oauth.play.pl/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://offer.tidal.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://open.spotify.com
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://opera.com/privacy
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://outlook.com_
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003727000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://partners-offapi.net/apiBundle/geo?sourceID=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795740904.00000000007F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://partners-offapi.net/apiBundle/geo?sourceID=31120&subId_1=361D4F6E-6488-4FB2-BF8B-32AC8683517
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://partners-offapi.net/apiBundle/stpstat
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://partners-offapi.net/apiBundle/stpstat&&subId_2=opera&subId_3=&subId_1=?sourceID=&subId_5=&ex
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003727000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://partners-offapi.net/apiBundle/stpstat?
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://policies.google.com/terms;
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://powerpoint.office.comcember
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redir.opera.com/amazon/?q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redir.opera.com/search/rambler/?q=
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://redir.opera.com/uninstallsurvey/
Source: installer.exe, 0000000E.00000002.2863088637.000075B4002EC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB4_3742&utm_content=3742_set
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.seznam.cz/?q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.co.jp/search?ei=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/search?ei=
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1825748633.0000000000864000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000086E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.000000000086E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://smolecular.icu/tfg/?src=setupIO
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://soundcloud.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://sourcecode.opera.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://suggest.yandex.com.tr/suggest-opera?part=
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://telegram.org/tos/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://translate.yandex.fr/?text=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://translate.yandex.net/main/v2.92.1465389915/i/favicon.ico
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.0000000000870000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.0000000000876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002398000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000013.00000000.2739420869.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2740429131.0000000001330000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000015.00000000.2741486699.0000000001500000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000016.00000000.2742508996.0000000001870000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000017.00000000.2743307763.00000000010E0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000018.00000000.2744169384.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000019.00000000.2745906045.0000000001830000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001A.00000000.2749446919.0000000001110000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001B.00000000.2752926892.00000000016E0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001C.00000000.2754804739.0000000001670000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001E.00000000.2778762112.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp String found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=setupio&sub2=31120
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000081D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://try.opera.k
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://twitter.com/en/tos;
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/oauth
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000000.2719255948.000000000C557000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://word.office.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/baidu?wd=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00408643 SetWindowsHookExW 00000002,Function_00008615,00000000,00000000 10_2_00408643
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe entropy: 7.99999542145
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\opera_package entropy: 7.99999542145
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-dark.zip entropy: 7.99068917764
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-light.zip entropy: 7.99103298049
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-dark.zip entropy: 7.99869813049
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-light.zip entropy: 7.99851425914
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package entropy: 7.99594864967
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\default_dark_theme.zip entropy: 7.99758785849
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\PartnerRules entropy: 7.99926030074
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\73ea273a72f4aca30ca5.woff2 entropy: 7.99266429164
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\39890742bc957b368704.woff2 entropy: 7.99294636507
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\f650f111a3b890d116f1.woff2 entropy: 7.99099116763
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1833749219\classic.png entropy: 7.99067960013
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_240964628\GX_Wallpaper_classic.png entropy: 7.99798626337
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1072004584\GX_Wallpaper_Light_classic.png entropy: 7.99720505853
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\default_dark_theme.zip entropy: 7.99758785849
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\browser.js entropy: 7.9904775751
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\siteprefs.json entropy: 7.99016985488
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-dark.zip entropy: 7.99068917764
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-light.zip entropy: 7.99103298049
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-dark.zip entropy: 7.99869813049
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-light.zip entropy: 7.99851425914
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\assets\twitch-placeholder@x1.png entropy: 7.99139191957
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\img\crypto_wallet_background.34d522e0.webp entropy: 7.99397847277
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\img\portfolio_background.e09645c2.webp entropy: 7.99762050423
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\img\welcome_page_coin_logos.0d4e909e.webp entropy: 7.99152249428
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1054666066\classic.png entropy: 7.99067960013
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_493994295\GX_Wallpaper_classic.png entropy: 7.99798626337
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_386930391\GX_Wallpaper_Light_classic.png entropy: 7.99720505853
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00302770: CreateFileW,DeviceIoControl,GetLastError, 11_2_00302770
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00344EE0 SetHandleInformation,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,GetEnvironmentStringsW,FreeEnvironmentStringsW,CreateProcessW,AssignProcessToJobObject,AllowSetForegroundWindow,WaitForSingleObject, 11_2_00344EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00345D10 11_2_00345D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0034FD10 11_2_0034FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00373DE0 11_2_00373DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0037FE30 11_2_0037FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_002FDF40 11_2_002FDF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_002EFFC0 11_2_002EFFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0041BFB0 11_2_0041BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003A206C 12_2_003A206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003D6D0E 12_2_003D6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002EA170 12_2_002EA170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002F0290 12_2_002F0290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003522C0 12_2_003522C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00356390 12_2_00356390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00334410 12_2_00334410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0034C460 12_2_0034C460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0042243A 12_2_0042243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00318480 12_2_00318480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00334730 12_2_00334730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00300746 12_2_00300746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002F07C0 12_2_002F07C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00420864 12_2_00420864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00398860 12_2_00398860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003348E0 12_2_003348E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0043C89C 12_2_0043C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0043C954 12_2_0043C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0036A9F0 12_2_0036A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00422ACB 12_2_00422ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00338AC0 12_2_00338AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00352B10 12_2_00352B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002F6C76 12_2_002F6C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0038AE80 12_2_0038AE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00330EE0 12_2_00330EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00444EB6 12_2_00444EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00338EC0 12_2_00338EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003AD014 12_2_003AD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00423130 12_2_00423130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0035F1B4 12_2_0035F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003A11A6 12_2_003A11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00309180 12_2_00309180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0035B18D 12_2_0035B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00421189 12_2_00421189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00353200 12_2_00353200
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00397280 12_2_00397280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00337370 12_2_00337370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003713D4 12_2_003713D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003A9494 12_2_003A9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003694F0 12_2_003694F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003454D0 12_2_003454D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002F94D2 12_2_002F94D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002EF504 12_2_002EF504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003D35F4 12_2_003D35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0035F782 12_2_0035F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0032D7D0 12_2_0032D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0034F8B0 12_2_0034F8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003AD98E 12_2_003AD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002EDA78 12_2_002EDA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00423A9D 12_2_00423A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00441B41 12_2_00441B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0034FB00 12_2_0034FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00397B40 12_2_00397B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0041FBCF 12_2_0041FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002FBC70 12_2_002FBC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00345D10 12_2_00345D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0034FD10 12_2_0034FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00373DE0 12_2_00373DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0037FE30 12_2_0037FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002FDF40 12_2_002FDF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002EFFC0 12_2_002EFFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0041BFB0 12_2_0041BFB0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.8.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: installer.exe.31.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: opera_autoupdate.exe.8.dr Static PE information: Number of sections : 14 > 10
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: Number of sections : 15 > 10
Source: installer.exe.31.dr Static PE information: Number of sections : 11 > 10
Source: installer.exe.8.dr Static PE information: Number of sections : 11 > 10
Source: opera_elf.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: libEGL.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: mojo_core.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: opera_crashreporter.exe.8.dr Static PE information: Number of sections : 13 > 10
Source: opera.exe.8.dr Static PE information: Number of sections : 11 > 10
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: Number of sections : 15 > 10
Source: libGLESv2.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: Number of sections : 15 > 10
Source: win10_share_handler.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: notification_helper.exe.8.dr Static PE information: Number of sections : 12 > 10
Source: opera_browser.dll.8.dr Static PE information: Number of sections : 15 > 10
Source: installer_helper_64.exe.8.dr Static PE information: Number of sections : 11 > 10
Source: launcher.exe.14.dr Static PE information: Number of sections : 13 > 10
Source: dxcompiler.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: opera_gx_splash.exe.8.dr Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.8.dr Static PE information: Number of sections : 11 > 10
Source: launcher.exe.8.dr Static PE information: Number of sections : 13 > 10
Source: opera.exe.14.dr Static PE information: Number of sections : 11 > 10
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777988728.000000007FE35000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000000.1776307366.00000000004C6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777621493.0000000002798000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: winhttpcom.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe Section loaded: twext.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe Section loaded: zipfldr.dll
Source: C:\Windows\explorer.exe Section loaded: sendmail.dll
Source: C:\Windows\explorer.exe Section loaded: mydocs.dll
Source: C:\Windows\explorer.exe Section loaded: drprov.dll
Source: C:\Windows\explorer.exe Section loaded: ntlanman.dll
Source: C:\Windows\explorer.exe Section loaded: davclnt.dll
Source: C:\Windows\explorer.exe Section loaded: davhlpr.dll
Source: C:\Windows\explorer.exe Section loaded: playtodevice.dll
Source: C:\Windows\explorer.exe Section loaded: ehstorapi.dll
Source: C:\Windows\explorer.exe Section loaded: acppage.dll
Source: C:\Windows\explorer.exe Section loaded: sfc.dll
Source: C:\Windows\explorer.exe Section loaded: msi.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: mfcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: ksuser.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dsreg.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wpnapps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: usermgrcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: d3d11.dll
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: sus38.rans.spyw.evad.winEXE@106/1185@0/13
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00408DD2 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree, 10_2_00408DD2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0030051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 11_2_0030051B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0030051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 12_2_0030051B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_004011FD GetDiskFreeSpaceExW,SendMessageW, 10_2_004011FD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_0040388A _wtol,_wtol,SHGetSpecialFolderPathW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,CoCreateInstance,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z, 10_2_0040388A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00401DF5 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress, 10_2_00401DF5
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Mutant created: \Sessions\1\BaseNamedObjects\opera_splash_lock_0e78e69c624cbcf87c7f299659eb65c0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Mutant created: \Sessions\1\BaseNamedObjects\oauc_registry_mutex
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe File created: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Virustotal: Detection: 47%
Source: OperaGXSetup.exe String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exe String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe String found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exe String found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exe String found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exe String found in binary or memory: ran-launcher
Source: OperaGXSetup.exe String found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exe String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup
Source: OperaGXSetup.exe String found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exe String found in binary or memory: video-on-start-page
Source: OperaGXSetup.exe String found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exe String found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exe String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exe String found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exe String found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exe String found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exe String found in binary or memory: master-copy-installation
Source: OperaGXSetup.exe String found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exe String found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exe String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exe String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exe String found in binary or memory: Local\%ls/Installer/UI_lock
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Process created: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp "C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$2040C,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=0e78e69c624cbcf87c7f299659eb65c0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040 --lowered-browser
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Opera GX Browser .lnk.14.dr LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk0.14.dr LNK file: ..\AppData\Local\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk1.14.dr LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk2.14.dr LNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File written: C:\Users\user\AppData\Local\Temp\scoped_dir6668_666039449\persona.ini
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static file information: File size 2182176 > 1048576
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000E.00000000.2683061384.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2863845634.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877353306.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000000.2686209826.00007FF709791000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sers\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localizationl.pdb source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.00000000009E1000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000020.00000000.2775392213.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000020.00000002.2787815386.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: .exe.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: user32.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000021.00000002.2822156056.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000021.00000000.2786569147.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: 04AB974B14C4C44205044422E1.pdb source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: rrcsBizXUHISSeck.exe, 00000013.00000000.2738914318.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2739979138.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000015.00000000.2740890446.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000016.00000000.2742095852.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000017.00000000.2742916243.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000018.00000000.2743982933.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000019.00000000.2744605604.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001A.00000000.2748351683.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001B.00000000.2752037220.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001C.00000000.2754018968.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001E.00000000.2755480524.00000000005AE000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: a_browser.dll.pdbs source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb~ source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ase.pdbs source: opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sbbdll.pdbREG_SZ source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: dxil.dll.8.dr Static PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo, 10_2_0040239B
Source: is-CR25G.tmp.1.dr Static PE information: real checksum: 0x36b7e8 should be: 0x36d061
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr Static PE information: real checksum: 0x0 should be: 0x311faa
Source: OperaGXSetup.exe.5.dr Static PE information: real checksum: 0x36b7e8 should be: 0x36d061
Source: OperaLib.dll.1.dr Static PE information: real checksum: 0x0 should be: 0x7f775
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Static PE information: section name: .didata
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.dr Static PE information: section name: .didata
Source: Opera_installer_2403291835508755424.dll.5.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291835508755424.dll.5.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291835508755424.dll.5.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291835508755424.dll.5.dr Static PE information: section name: malloc_h
Source: Opera_installer_2403291835511345172.dll.6.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291835511345172.dll.6.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291835511345172.dll.6.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291835511345172.dll.6.dr Static PE information: section name: malloc_h
Source: Opera_installer_2403291835514565980.dll.7.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291835514565980.dll.7.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291835514565980.dll.7.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291835514565980.dll.7.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.8.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.8.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.8.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.8.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.8.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.8.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.8.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.8.dr Static PE information: section name: _RDATA
Source: win10_share_handler.dll.8.dr Static PE information: section name: .00cfg
Source: win10_share_handler.dll.8.dr Static PE information: section name: .gxfg
Source: win10_share_handler.dll.8.dr Static PE information: section name: .retplne
Source: win10_share_handler.dll.8.dr Static PE information: section name: _RDATA
Source: win8_importing.dll.8.dr Static PE information: section name: .00cfg
Source: win8_importing.dll.8.dr Static PE information: section name: .gxfg
Source: win8_importing.dll.8.dr Static PE information: section name: .retplne
Source: win8_importing.dll.8.dr Static PE information: section name: _RDATA
Source: Opera_installer_2403291835517673716.dll.8.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291835517673716.dll.8.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291835517673716.dll.8.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291835517673716.dll.8.dr Static PE information: section name: malloc_h
Source: mojo_core.dll.8.dr Static PE information: section name: .00cfg
Source: mojo_core.dll.8.dr Static PE information: section name: .gxfg
Source: mojo_core.dll.8.dr Static PE information: section name: .retplne
Source: mojo_core.dll.8.dr Static PE information: section name: _RDATA
Source: notification_helper.exe.8.dr Static PE information: section name: .00cfg
Source: notification_helper.exe.8.dr Static PE information: section name: .gxfg
Source: notification_helper.exe.8.dr Static PE information: section name: .retplne
Source: notification_helper.exe.8.dr Static PE information: section name: CPADinfo
Source: notification_helper.exe.8.dr Static PE information: section name: _RDATA
Source: opera.exe.8.dr Static PE information: section name: .00cfg
Source: opera.exe.8.dr Static PE information: section name: .gxfg
Source: opera.exe.8.dr Static PE information: section name: .retplne
Source: opera.exe.8.dr Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.8.dr Static PE information: section name: .00cfg
Source: opera_autoupdate.exe.8.dr Static PE information: section name: .gxfg
Source: opera_autoupdate.exe.8.dr Static PE information: section name: .retplne
Source: opera_autoupdate.exe.8.dr Static PE information: section name: CPADinfo
Source: opera_autoupdate.exe.8.dr Static PE information: section name: LZMADEC
Source: opera_autoupdate.exe.8.dr Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.8.dr Static PE information: section name: malloc_h
Source: opera_browser.dll.8.dr Static PE information: section name: .00cfg
Source: opera_browser.dll.8.dr Static PE information: section name: .gxfg
Source: opera_browser.dll.8.dr Static PE information: section name: .retplne
Source: opera_browser.dll.8.dr Static PE information: section name: .rodata
Source: opera_browser.dll.8.dr Static PE information: section name: CPADinfo
Source: opera_browser.dll.8.dr Static PE information: section name: LZMADEC
Source: opera_browser.dll.8.dr Static PE information: section name: _RDATA
Source: opera_browser.dll.8.dr Static PE information: section name: malloc_h
Source: opera_crashreporter.exe.8.dr Static PE information: section name: .00cfg
Source: opera_crashreporter.exe.8.dr Static PE information: section name: .gxfg
Source: opera_crashreporter.exe.8.dr Static PE information: section name: .retplne
Source: opera_crashreporter.exe.8.dr Static PE information: section name: CPADinfo
Source: opera_crashreporter.exe.8.dr Static PE information: section name: _RDATA
Source: opera_crashreporter.exe.8.dr Static PE information: section name: malloc_h
Source: opera_elf.dll.8.dr Static PE information: section name: .00cfg
Source: opera_elf.dll.8.dr Static PE information: section name: .gxfg
Source: opera_elf.dll.8.dr Static PE information: section name: .retplne
Source: opera_elf.dll.8.dr Static PE information: section name: _RDATA
Source: opera_gx_splash.exe.8.dr Static PE information: section name: .00cfg
Source: opera_gx_splash.exe.8.dr Static PE information: section name: .gxfg
Source: opera_gx_splash.exe.8.dr Static PE information: section name: .retplne
Source: opera_gx_splash.exe.8.dr Static PE information: section name: _RDATA
Source: CUESDK.x64_2017.dll.8.dr Static PE information: section name: .00cfg
Source: dxcompiler.dll.8.dr Static PE information: section name: .00cfg
Source: dxcompiler.dll.8.dr Static PE information: section name: .gxfg
Source: dxcompiler.dll.8.dr Static PE information: section name: .retplne
Source: dxcompiler.dll.8.dr Static PE information: section name: _RDATA
Source: dxil.dll.8.dr Static PE information: section name: _RDATA
Source: installer.exe.8.dr Static PE information: section name: .00cfg
Source: installer.exe.8.dr Static PE information: section name: .gxfg
Source: installer.exe.8.dr Static PE information: section name: .retplne
Source: installer.exe.8.dr Static PE information: section name: _RDATA
Source: installer_helper_64.exe.8.dr Static PE information: section name: .00cfg
Source: installer_helper_64.exe.8.dr Static PE information: section name: .gxfg
Source: installer_helper_64.exe.8.dr Static PE information: section name: .retplne
Source: installer_helper_64.exe.8.dr Static PE information: section name: _RDATA
Source: launcher.exe.8.dr Static PE information: section name: .00cfg
Source: launcher.exe.8.dr Static PE information: section name: .gxfg
Source: launcher.exe.8.dr Static PE information: section name: .retplne
Source: launcher.exe.8.dr Static PE information: section name: LZMADEC
Source: launcher.exe.8.dr Static PE information: section name: _RDATA
Source: launcher.exe.8.dr Static PE information: section name: malloc_h
Source: libEGL.dll.8.dr Static PE information: section name: .00cfg
Source: libEGL.dll.8.dr Static PE information: section name: .gxfg
Source: libEGL.dll.8.dr Static PE information: section name: .retplne
Source: libEGL.dll.8.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.8.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.8.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.8.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.8.dr Static PE information: section name: _RDATA
Source: Opera_installer_2403291835520002656.dll.9.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291835520002656.dll.9.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291835520002656.dll.9.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291835520002656.dll.9.dr Static PE information: section name: malloc_h
Source: assistant_installer.exe.10.dr Static PE information: section name: .00cfg
Source: assistant_installer.exe.10.dr Static PE information: section name: .voltbl
Source: assistant_installer.exe.10.dr Static PE information: section name: CPADinfo
Source: browser_assistant.exe.10.dr Static PE information: section name: .00cfg
Source: browser_assistant.exe.10.dr Static PE information: section name: .rodata
Source: browser_assistant.exe.10.dr Static PE information: section name: .voltbl
Source: browser_assistant.exe.10.dr Static PE information: section name: CPADinfo
Source: mojo_core.dll.10.dr Static PE information: section name: .00cfg
Source: mojo_core.dll.10.dr Static PE information: section name: .voltbl
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: .gxfg
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: .retplne
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: LZMADEC
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: _RDATA
Source: Opera_installer_2403291836453876324.dll.14.dr Static PE information: section name: malloc_h
Source: opera.exe.14.dr Static PE information: section name: .00cfg
Source: opera.exe.14.dr Static PE information: section name: .gxfg
Source: opera.exe.14.dr Static PE information: section name: .retplne
Source: opera.exe.14.dr Static PE information: section name: _RDATA
Source: launcher.exe.14.dr Static PE information: section name: .00cfg
Source: launcher.exe.14.dr Static PE information: section name: .gxfg
Source: launcher.exe.14.dr Static PE information: section name: .retplne
Source: launcher.exe.14.dr Static PE information: section name: LZMADEC
Source: launcher.exe.14.dr Static PE information: section name: _RDATA
Source: launcher.exe.14.dr Static PE information: section name: malloc_h
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: .gxfg
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: .retplne
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: LZMADEC
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: _RDATA
Source: Opera_installer_2403291836456646936.dll.15.dr Static PE information: section name: malloc_h
Source: installer.exe.31.dr Static PE information: section name: .00cfg
Source: installer.exe.31.dr Static PE information: section name: .gxfg
Source: installer.exe.31.dr Static PE information: section name: .retplne
Source: installer.exe.31.dr Static PE information: section name: _RDATA
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: .00cfg
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: .gxfg
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: .retplne
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: .rodata
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: LZMADEC
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: _RDATA
Source: Opera_installer_2403291836581706692.dll.39.dr Static PE information: section name: malloc_h
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00412C00 push eax; ret 10_2_00412C2E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0041B10C push ecx; ret 11_2_0041B11F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0041B10C push ecx; ret 12_2_0041B11F
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835517673716.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\additional_file0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711737406.old (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836456646936.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\is-CR25G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835508755424.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Opera_GX_assistant_73.0.3856.382_Setup[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836453876324.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe File created: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835514565980.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835511345172.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\browser_assistant.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\opera_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836581706692.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835520002656.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe File created: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193551250.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193552126.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329193613.log Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193645809.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp File created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\license.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\service.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\web3\provider.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolve
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0034A6D0 rdtsc 11_2_0034A6D0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835517673716.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835514565980.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835511345172.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\browser_assistant.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836456646936.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835508755424.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaLib.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\opera_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836581706692.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835520002656.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836453876324.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Evaded block: after key decision
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe API coverage: 6.5 %
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe API coverage: 5.5 %
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp TID: 7052 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe TID: 1020 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe File Volume queried: C:\Users\user\Desktop FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File Volume queried: C:\Users\user\Desktop FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\blob_storage\2d1be686-7572-4c47-a1a8-6e6f3ae105d4 FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime, 10_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z, 10_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 11_2_00349120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_003D9AE2 FindFirstFileExW, 11_2_003D9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 12_2_00349120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003D9AE2 FindFirstFileExW, 12_2_003D9AE2
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe File opened: C:\Users\user\AppData\Local\Temp\.opera
Source: explorer.exe, 00000012.00000000.2716759570.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000000.2715945417.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000012.00000000.2713624554.00000000078A0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 00000012.00000000.2716759570.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003DC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.2716759570.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
Source: explorer.exe, 00000012.00000000.2715945417.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000081D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001988000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000012.00000000.2716759570.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000012.00000000.2713624554.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000012.00000000.2715945417.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0034A6D0 rdtsc 11_2_0034A6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00346AE0 GetCurrentThread,IsDebuggerPresent,GetCurrentThreadId,__Init_thread_header,GetModuleHandleW,GetProcAddress,__Init_thread_footer, 11_2_00346AE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo, 10_2_0040239B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_004397FB mov eax, dword ptr fs:[00000030h] 11_2_004397FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00427C65 mov eax, dword ptr fs:[00000030h] 11_2_00427C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_004397FB mov eax, dword ptr fs:[00000030h] 12_2_004397FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_00427C65 mov eax, dword ptr fs:[00000030h] 12_2_00427C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0035AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread, 11_2_0035AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_003A206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen, 11_2_003A206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0035C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter, 11_2_0035C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0041A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 11_2_0041A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0035ACEE GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread, 11_2_0035ACEE
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_002F1C00 SetUnhandledExceptionFilter, 11_2_002F1C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0042BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 11_2_0042BE76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_003A206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen, 12_2_003A206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0035C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter, 12_2_0035C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0041A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 12_2_0041A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0035AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread, 12_2_0035AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_002F1C00 SetUnhandledExceptionFilter, 12_2_002F1C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 12_2_0042BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_0042BE76

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtOpenKeyEx: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtUnmapViewOfSection: Direct from: 0x76F02D3C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtQueryValueKey: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtAddAtomEx: Direct from: 0x76F0312C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtSetInformationThread: Direct from: 0x76F02ECC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtTerminateThread: Direct from: 0x76F02FCC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe NtQueryInformationProcess: Direct from: 0x76F02C26
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9c05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_0040247A AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 10_2_0040247A
Source: installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: Cannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000E.00000002.2857495442.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager_17aZ
Source: installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000E.00000002.2859196195.000001CCE16AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2713444229.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: OperaGXSetup.exe, installer.exe, 0000000E.00000003.2753623330.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2857495442.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: installer.exe, 0000000E.00000003.2753486857.000001CCDECE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndX
Source: explorer.exe, 00000012.00000000.2716940508.0000000009ADC000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnde
Source: installer.exe, 0000000E.00000002.2859196195.000001CCE16AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnddia Center{
Source: installer.exe, 0000000E.00000002.2857162913.000001CCDECE4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2753486857.000001CCDECE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd 0
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
Source: installer.exe, 0000000E.00000002.2857162913.000001CCDECE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndX *
Source: explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000013.00000000.2739420869.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2740429131.0000000001330000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: installer.exe, 0000000E.00000002.2859196195.000001CCE16AD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program ManagerWi
Source: explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000013.00000000.2739420869.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2740429131.0000000001330000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
Source: installer.exe, 0000000E.00000003.2753623330.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2857495442.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progman0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00351220 cpuid 11_2_00351220
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,??_U@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar, 10_2_004021B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: GetLocaleInfoW, 11_2_0043769C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: GetLocaleInfoW, 12_2_0043769C
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\root_files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\ab_tests.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\video_conference_popout.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\browser.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\siteprefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\partner_speeddials.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_666039449\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_666039449\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1442496224\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1442496224\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Web\Wallpaper\Windows\img0.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1033481467\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1033481467\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1054666066\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1054666066\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_493994295\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_493994295\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_386930391\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_386930391\GX_Wallpaper_Light_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1951791623\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1951791623\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1833749219\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1833749219\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_240964628\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_240964628\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\ScriptCache\4cb013792b196a35_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_459604197\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\347e592f-ac7b-4e67-84d5-adbd5f59389f.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_459604197\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\history-tags.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\main.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\startpage_test_function.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\targeted_sd_section.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\fr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\web3\dispatcher.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\opera-services\cashback.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\web3\dispatcher.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\opera-services\cashback.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\img\icons\icon_512.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\be\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es_419\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\avatar-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\checkbox.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\close.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\cover-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-arrow.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-logo.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\list-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\no-avatar.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\notification.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\search.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\settings.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\tile-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x1.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x2.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\common.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\input_styles.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\dummy_steamer_data.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch128.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\template.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\colors.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\preferences.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\sounds.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\stats.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\twitch_api.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\utils.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\volume.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0108e89c9003e8c14ea3.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\017c29dbc4d9f1f201e9.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\01ac8450057de556853b.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\02271ec5cb9f5b4588ac.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0246e88ab3b60542f582.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0264fb02c65c7cc33355.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_0039CB18 GetVersion,CreateNamedPipeW, 11_2_0039CB18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00401841 ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z, 10_2_00401841
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe Code function: 11_2_00300746 GetUserNameW,GetNamedSecurityInfoW,GetNamedSecurityInfoW,GetExplicitEntriesFromAclW,CheckTokenMembership,BuildExplicitAccessWithNameW,SetEntriesInAclW,SetEntriesInAclW,LocalFree,LocalFree,LocalFree,LocalFree,SetNamedSecurityInfoW,SetNamedSecurityInfoW,LocalFree,LocalFree, 11_2_00300746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 10_2_00405750 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z,GetVersionExW,GetCommandLineW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??2@YAPAXI@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,_wtol,GetCommandLineW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,_wtol,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA, 10_2_00405750
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 Blob

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini