Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe

Overview

General Information

Sample name:SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Analysis ID:1417615
MD5:dbb69ee00786bed3e12a04518e0f469a
SHA1:40a82d88b06e6be8ba82fab34b4a29305466202a
SHA256:dbc32537a29f5eba5406aa3f2ae409eb52ea904e76c19a74bfb480a8c8c63d69
Tags:exe
Infos:

Detection

Score:38
Range:0 - 100
Whitelisted:false
Confidence:0%

Compliance

Score:35
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Found direct / indirect Syscall (likely to bypass EDR)
Installs a global event hook (focus changed)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Writes many files with high entropy
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Stores large binary data to the registry
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Analysis Advice

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample searches for specific file, try point organization specific fake files to the analysis machine
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe (PID: 6960 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe" MD5: DBB69EE00786BED3E12A04518E0F469A)
    • SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp (PID: 7004 cmdline: "C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$2040C,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe" MD5: 668D5368DEF8B65631C43EECBD50EA48)
      • OperaGXSetup.exe (PID: 5424 cmdline: "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --silent --allusers=0 MD5: 1033B8A679409AAE694776CF2FDD3E8D)
        • OperaGXSetup.exe (PID: 5172 cmdline: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254 MD5: 1033B8A679409AAE694776CF2FDD3E8D)
        • OperaGXSetup.exe (PID: 5980 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version MD5: 1033B8A679409AAE694776CF2FDD3E8D)
        • OperaGXSetup.exe (PID: 3716 cmdline: "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000 MD5: 1033B8A679409AAE694776CF2FDD3E8D)
          • OperaGXSetup.exe (PID: 2656 cmdline: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254 MD5: 1033B8A679409AAE694776CF2FDD3E8D)
          • installer.exe (PID: 6324 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79 MD5: 21AD4599ABD2E158DB5128F32D3CC4EE)
            • installer.exe (PID: 6936 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198 MD5: 21AD4599ABD2E158DB5128F32D3CC4EE)
            • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
              • opera.exe (PID: 6668 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040 --lowered-browser MD5: F452A15BC7E4392149F6BB2675EAAA59)
            • rrcsBizXUHISSeck.exe (PID: 1704 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 5668 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 2896 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 4020 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 1004 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 1456 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 4996 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 5300 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 5676 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 3808 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • launcher.exe (PID: 4900 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized MD5: D737A64C835D918DBE53B2C7724488FF)
              • opera_gx_splash.exe (PID: 4820 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=0e78e69c624cbcf87c7f299659eb65c0 MD5: 706FE814240C22A6CB09FBF48CB86020)
              • opera.exe (PID: 5252 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040 MD5: F452A15BC7E4392149F6BB2675EAAA59)
                • opera_crashreporter.exe (PID: 6412 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648 MD5: 26DF88B2E68E23B60C0EEAB3E29496BB)
            • rrcsBizXUHISSeck.exe (PID: 3004 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 2648 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 2852 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 6012 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • rrcsBizXUHISSeck.exe (PID: 3584 cmdline: "C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5184 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe" MD5: E9A2209B61F4BE34F25069A6E54AFFEA)
        • assistant_installer.exe (PID: 2136 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --version MD5: 4C8FBED0044DA34AD25F781C3D117A66)
          • assistant_installer.exe (PID: 3128 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64 MD5: 4C8FBED0044DA34AD25F781C3D117A66)
  • launcher.exe (PID: 2932 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0 MD5: D737A64C835D918DBE53B2C7724488FF)
    • installer.exe (PID: 6692 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version MD5: 21AD4599ABD2E158DB5128F32D3CC4EE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeVirustotal: Detection: 47%Perma Link
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exeJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeEXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exeJump to behavior

Compliance

barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exeJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeEXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeEXE: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exeJump to behavior
Uses 32bit PE files
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Creates a software uninstall entry
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79
Creates install or setup log file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193551250.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193552126.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeFile created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329193613.logJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193645809.logJump to behavior
Creates license or readme file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\license.txtJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\service.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\web3\provider.js.LICENSE.txt
PE / OLE file has a valid certificate
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000E.00000000.2683061384.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2863845634.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877353306.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000000.2686209826.00007FF709791000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sers\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localizationl.pdb source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.00000000009E1000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000020.00000000.2775392213.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000020.00000002.2787815386.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: .exe.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: user32.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000021.00000002.2822156056.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000021.00000000.2786569147.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: 04AB974B14C4C44205044422E1.pdb source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: rrcsBizXUHISSeck.exe, 00000013.00000000.2738914318.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2739979138.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000015.00000000.2740890446.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000016.00000000.2742095852.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000017.00000000.2742916243.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000018.00000000.2743982933.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000019.00000000.2744605604.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001A.00000000.2748351683.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001B.00000000.2752037220.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001C.00000000.2754018968.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001E.00000000.2755480524.00000000005AE000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: a_browser.dll.pdbs source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb~ source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ase.pdbs source: opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sbbdll.pdbREG_SZ source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003D9AE2 FindFirstFileExW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003D9AE2 FindFirstFileExW,
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local\Temp\.opera
Source: Joe Sandbox ViewIP Address: 37.228.108.133 37.228.108.133
Source: Joe Sandbox ViewIP Address: 23.48.203.201 23.48.203.201
Source: Joe Sandbox ViewIP Address: 104.18.8.172 104.18.8.172
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: "favicon_url": "https://www.rambler.ru/favicon.ico", equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: "favicon_url": "https://www.yahoo.co.jp/favicon.ico", equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %t www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %t www.rambler.ru/favicon.icou equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %|0www.yahoo.co.jp/favicon.ico equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %|0www.yahoo.co.jp/favicon.icou equals www.yahoo.com (Yahoo)
Source: OperaGXSetup.exeString found in binary or memory: hatsapp.com/legal; and c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/l equals www.facebook.com (Facebook)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000002.2862390206.000075B400250000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: www.rambler.ru/favicon.icou equals www.rambler.ru (Rambler)
Source: OperaGXSetup.exeString found in binary or memory: http://autoupdate-staging.services.ams.osa/
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.0000000005001000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A0F000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.0000000000827000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2152678644.0000000001A4F000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.0000000005001000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digg
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.0000000005001000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://localhost:3001api/prefs/?product=$1&version=$2..
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.000000000982D000.00000004.00000001.00020000.00000000.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.0000000005001000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2350241048.00000000492C4000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.0000000000827000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2152678644.0000000001A4F000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: explorer.exe, 00000012.00000000.2716962759.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.2714462125.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.2715119137.0000000008720000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.0000000000827000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2152678644.0000000001A4F000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.0000000005001000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.org
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002398000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.orgA
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.orgAbout
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.kymoto.orgAcerca
Source: OperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opera.com
Source: OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opera.com(
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A28000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2143034932.00000000040EC000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000E24000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001444000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001444000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2857162913.000001CCDEC4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2686274484.00007FF709C6E000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001F.00000003.2796536874.00000230B9D01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opera.com0
Source: OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opera.comp
Source: opera.exe, 00000021.00000002.2809563417.000001D7B5870000.00000002.00000001.00040000.00000021.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/?q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.spotify.com/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.youtube.com
Source: explorer.exe, 00000012.00000000.2719255948.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/0239ef3d7c95570d61b12b2fb509af435ccc2131/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/0f0e5f62d66c60ed333aca63dd12b74d89b1197f/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/13655f413caacdcc677b24dc0c615d1f5328d6a3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/175c553e1afe06b6eba448d5d51821f3b3200c23/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/1eccff548be9e5afea58974ea48f09611bb0971f/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/2f7d465d32db944b1a50d34569ecc10aa71d7b1b/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/313b7f796952f2b34bf6bce6ba10a7b51bd18913/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/3ed7347a5e10c404ea6cb96281265ff23092cf8f/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/434b0a6daa530638a964132e86b8a01d7b39aa7c/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/47495671858c844787b75a7b65d83bf0f4daa0b7/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/47ac1e141dfbb826480ad739f82202f33942e3a9/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/4d3d8f7f070d279fbe0d2795e10e69fbab5d3824/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/505f20c0ceb331ebec9f6b8d9def5e0f59be4612/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/5a244c9761df69fd3c6925ff8f639d24e28b1169/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/626b4fd1d224c0f6344647a9049bdade45c11e10/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/7090985e32fa004ea7f01e519549d5bb07e36e57/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/7537081f498da9b83d5905e8a6aa77283f222bc3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/7ce8277c35ac7d51701decad652c060741bd7e48/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/7d5c2a2d6136fbf166211d5183bf66214a247f31/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/80c7dd8db07f193d40005f1a4c59dbc922d41bbc/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/9972667e4a17fabc1af14d8a388078a2069c5be3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/aaa83eac6890a9a6e2273ea51d6f2f2915b1a019/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/aad01b6c6f7f2f01bea6584af044c96d8850f748/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/ad5beaae2fc679ccba1db1f7b3c9503d8da6ec70/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/cf1b58b29b4efc97d4cd45328f0ab79f541469d4/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/d31e12a38bccc4ce61b2fe8e6fd3160ec5191274/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/d62bc2d4349d61e94daa48a5c49b897f6bfcd166/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/d7966d331216ef6a7affdecb3ee81600ba5c34d3/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/e27cf3ebc2172a1a7d9cb6978a031ef52ed55596/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/e3f47f1911ec0c9b987871ea7bc7da7525594997/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/download/fd1ad64e991dece2a0e4b2c8d5b45d22d513bd8b/
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.browser.yandex.ua/suggest/get?part=
Source: explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2712661824.0000000003700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000012.00000000.2715945417.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://appleid.apple.com
Source: explorer.exe, 00000012.00000000.2715945417.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: assistant_installer.exe, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.0000000003384000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000447000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/.opera.comOpera
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera
Source: OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2387970978.000000000509B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79
Source: OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.794z
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79As
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79Urb
Source: installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/developernightlyStableinstaller_prefs.jsonNightlyDeveloperNextStabl
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/geolocation/
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/geolocation/Z
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://browser-notifications.opera.com/api/v1/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://browser-notifications.opera.com/api/v1/333333
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.gx.games/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://config.gx.games/v0/config
Source: OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.gx.games/v0/config?utm_campaign=PWN_US_PB4_3742&utm_medium=pa&utm_source=PWNgames&pro
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://config.gx.games/v0/configeditionutm_campaign=%s&utm_medium=%s&utm_source=%s&product=%s&chann
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://consent.youtube.com
Source: assistant_installer.exe, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://crashpad.chromium.org/
Source: assistant_installer.exe, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.0000000003384000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000447000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: installer.exe, 0000000F.00000002.2872788376.000002E63AC50000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.2875732136.00002B9C002AC000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000021.00000003.2804768028.000073F0002E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit
Source: OperaGXSetup.exe, 00000009.00000002.2886571583.0000000028CBC000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000009.00000002.2884935461.0000000028C24000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000009.00000002.2885746280.0000000028C68000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit(
Source: OperaGXSetup.exe, 00000009.00000002.2879616724.00000000005F8000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000009.00000003.2878556335.0000000028C2C000.00000004.00001000.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000002.2366353317.0000000004A78000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.2872788376.000002E63AC59000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.2868388709.00002B9C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit--annotation=channel=Stable--annotation=plat=
Source: installer.exe, 0000000F.00000002.2875896318.00002B9C002C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit--url=https://crashstats-collector.opera.com/
Source: OperaGXSetup.exe, 00000006.00000002.2901349121.0000000054224000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit0x2f4
Source: OperaGXSetup.exe, 00000009.00000002.2884935461.0000000028C24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit0x300
Source: assistant_installer.exe, 0000000C.00000002.2366353317.0000000004A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit6
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.0000000003384000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000447000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitOperaDesktopGX
Source: OperaGXSetup.exe, 00000006.00000002.2901349121.0000000054224000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000006.00000002.2902891568.00000000542BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitT
Source: OperaGXSetup.exe, 00000006.00000002.2901773691.0000000054268000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitT&
Source: assistant_installer.exe, 0000000C.00000002.2366353317.0000000004A70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitZ
Source: assistant_installer.exe, 0000000C.00000002.2366353317.0000000004A70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitllO
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/$
Source: OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/6~
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/U
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/b
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/tUrlCache
Source: OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388096688.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryBy
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryCx
Source: OperaGXSetup.exe, 00000005.00000002.2890562952.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388096688.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.000000000502D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryP
Source: OperaGXSetup.exe, 00000005.00000002.2890562952.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388096688.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.000000000502D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarya
Source: OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarydOIDInfo
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarydy.x
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software
Source: OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarylwy
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarytx
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryuEuz
Source: OperaGXSetup.exe, 00000005.00000002.2890562952.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388096688.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.000000000502D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryve7
Source: OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarywy
Source: OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/
Source: OperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/3d
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A36000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A36000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A36000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A36000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2883069052.000000004902A000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
Source: OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1%
Source: OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1e
Source: OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=65442&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_U
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/u
Source: OperaGXSetup.exe, 00000005.00000003.2167809590.0000000001A37000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276745510.0000000001A37000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001988000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388096688.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.000000000502D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/
Source: OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/ftp/pub/opera_gx/107.0.5045.79/win/Opera_GX_107.0.5045.79_Autoupdate_
Source: OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005020000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2883069052.000000004902A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-1/1698947853-custom_partner_cont
Source: OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/sp
Source: OperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/
Source: OperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/If
Source: OperaGXSetup.exe, 00000005.00000002.2890562952.0000000005002000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A36000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A36000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download5.operacdn.com/ftp/pub/.assistant_gx/73.0.3856.382/Opera_GX_assistant_73.0.3856.382_
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2745567369.000075B400360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://extension-updates.opera.com/api/omaha/update/
Source: installer.exe, 0000000E.00000003.2745567369.000075B400360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://extension-updates.opera.com/api/omaha/update/u
Source: OperaGXSetup.exe, 00000005.00000003.2161415943.0000000001A37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/
Source: OperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/)l
Source: OperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/Al
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=17de6e44-cd52-4eec-9b
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gaana.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://gamemaker.io
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://gamemaker.io)
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://gamemaker.io/en/education.
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://gamemaker.io/en/get.
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://help.instagram.com/581066165581870;
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001D.00000002.2813281163.000052F800288000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://help.opera.com/latest/
Source: launcher.exe, 0000001D.00000002.2813281163.000052F800288000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://help.opera.com/latest/https://www.opera.com/gx/https://www.opera.com/gx/R
Source: opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://help.opera.com/latest/https://www.opera.com/gx/https://www.opera.com/gx/chrome-extension
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000000.1776188531.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000086A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1825748633.0000000000864000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000086E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.000000000086A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.000000000086E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lamertang.com/4-peali-c1d-eny0-f8i
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://legal.opera.com/eula/computers
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://legal.opera.com/privacy
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://legal.opera.com/privacy.
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003D0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D11000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://legal.opera.com/terms
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://legal.opera.com/terms.
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://listen.tidal.com/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://listen.tidal.com/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.tidal.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/at/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/au/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/be/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/bg/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/br/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/by/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ca/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ch/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/cn/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/cz/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/de/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/dk/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/eg/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/es/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/fi/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/fr/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/gb/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/hu/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/id/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/in/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/it/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/jp/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ke/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/kr/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/kz/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ma/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/mx/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/my/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ng/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/nl/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/no/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ph/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/pl/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ro/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/rs/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ru/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/se/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/sg/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/sk/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/th/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/tr/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/ua/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/us/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/vn/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.apple.com/za/browse
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://music.youtube.com
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=OFT&utm_campaign=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=OFT&utm_campaign=31121
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=OFT&utm_campaign=Downloading
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.000000000241C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com/opera_gx/stable/edition/std-1=31120
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D4E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.000000000369F000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.000000000244B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com/opera_gx/stable/edition/std-1?utm_source=PWNgames&utm_medium=pa&utm_campai
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.000000000242D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com8R7/KLRL579/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://net.geo.opera.com:443
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nova.rambler.ru/suggest?v=3&query=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauth.play.pl/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://offer.tidal.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://open.spotify.com
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://opera.com/privacy
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003727000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://partners-offapi.net/apiBundle/geo?sourceID=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795740904.00000000007F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://partners-offapi.net/apiBundle/geo?sourceID=31120&subId_1=361D4F6E-6488-4FB2-BF8B-32AC8683517
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://partners-offapi.net/apiBundle/stpstat
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://partners-offapi.net/apiBundle/stpstat&&subId_2=opera&subId_3=&subId_1=?sourceID=&subId_5=&ex
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972105883.0000000003C78000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003727000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://partners-offapi.net/apiBundle/stpstat?
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://policies.google.com/terms;
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redir.opera.com/amazon/?q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redir.opera.com/search/rambler/?q=
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://redir.opera.com/uninstallsurvey/
Source: installer.exe, 0000000E.00000002.2863088637.000075B4002EC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB4_3742&utm_content=3742_set
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://search.seznam.cz/?q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.co.jp/search?ei=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/search?ei=
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1825748633.0000000000864000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000086E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.000000000086E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smolecular.icu/tfg/?src=setupIO
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://soundcloud.com/
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://sourcecode.opera.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://suggest.yandex.com.tr/suggest-opera?part=
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://telegram.org/tos/
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://translate.yandex.fr/?text=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://translate.yandex.net/main/v2.92.1465389915/i/favicon.ico
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.0000000000870000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.0000000000876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002398000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000013.00000000.2739420869.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2740429131.0000000001330000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000015.00000000.2741486699.0000000001500000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000016.00000000.2742508996.0000000001870000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000017.00000000.2743307763.00000000010E0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000018.00000000.2744169384.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000019.00000000.2745906045.0000000001830000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001A.00000000.2749446919.0000000001110000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001B.00000000.2752926892.00000000016E0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001C.00000000.2754804739.0000000001670000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001E.00000000.2778762112.0000000001AB1000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: https://try.opera.com/72TR8R7/KLRL579/?sub1=setupio&sub2=31120
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000081D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://try.opera.k
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://twitter.com/en/tos;
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/oauth
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000000.2719255948.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/baidu?wd=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/bg/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/br/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/cz/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/de/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/en/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/es/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/fi/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/fr/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/hu/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/id/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/it/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/mx/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/nl/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/no/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/pl/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/ro/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/ru/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/se/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/sk/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/sr/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/th/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/tr/login
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.deezer.com/us/login
Source: OperaGXSetup.exe, 00000005.00000003.2883204968.000000004900C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2888187544.0000000001BD7000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362684062.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362477663.000000000509B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363141712.0000000000520000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.0000000000827000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2152678644.0000000001A4F000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A4B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A44000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=opera&q=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=opera-gx&q=
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777621493.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777988728.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1779494360.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.opera.com
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.opera.com..
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1825748633.0000000000864000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/eula/com5no
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1825748633.0000000000864000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/eula/computers
Source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001D.00000002.2813281163.000052F800288000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/gx/
Source: installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.opera.com/privacy
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.rambler.ru/favicon.ico
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777621493.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777988728.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1779494360.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.seznam.cz/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/s?src=lm&ls=sm2561755&lm_extend=ctype:31&q=
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://www.whatsapp.com/legal;
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.yahoo.co.jp/favicon.ico
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yandex.com.tr/search/?clid=1669559&text=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yandex.fr/search/?clid=2358536&text=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yandex.ua/search/?clid=2358536&text=
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yastatic.net/s3/home-static/_/92/929b10d17990e806734f68758ec917ec.png
Source: installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yastatic.net/s3/home-static/_/f4/f47b1b3d8194c36ce660324ab55a04fe.png

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Contains functionality to register a low level keyboard hook
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00408643 SetWindowsHookExW 00000002,Function_00008615,00000000,00000000
Installs a global event hook (focus changed)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeWindows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

barindex
Writes many files with high entropy
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe entropy: 7.99999542145Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\opera_package entropy: 7.99999542145
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-dark.zip entropy: 7.99068917764
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-1-classic-light.zip entropy: 7.99103298049
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-dark.zip entropy: 7.99869813049
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\gx-classic-light.zip entropy: 7.99851425914
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package entropy: 7.99594864967Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\standard_themes\default_dark_theme.zip entropy: 7.99758785849
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\PartnerRules entropy: 7.99926030074
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\73ea273a72f4aca30ca5.woff2 entropy: 7.99266429164
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\39890742bc957b368704.woff2 entropy: 7.99294636507
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\f650f111a3b890d116f1.woff2 entropy: 7.99099116763
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1833749219\classic.png entropy: 7.99067960013
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_240964628\GX_Wallpaper_classic.png entropy: 7.99798626337
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1072004584\GX_Wallpaper_Light_classic.png entropy: 7.99720505853
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\default_dark_theme.zip entropy: 7.99758785849
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\browser.js entropy: 7.9904775751
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\siteprefs.json entropy: 7.99016985488
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-dark.zip entropy: 7.99068917764
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-1-classic-light.zip entropy: 7.99103298049
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-dark.zip entropy: 7.99869813049
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\themes_backup\gx-classic-light.zip entropy: 7.99851425914
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\assets\twitch-placeholder@x1.png entropy: 7.99139191957
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\img\crypto_wallet_background.34d522e0.webp entropy: 7.99397847277
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\img\portfolio_background.e09645c2.webp entropy: 7.99762050423
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\img\welcome_page_coin_logos.0d4e909e.webp entropy: 7.99152249428
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1054666066\classic.png entropy: 7.99067960013
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_493994295\GX_Wallpaper_classic.png entropy: 7.99798626337
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_386930391\GX_Wallpaper_Light_classic.png entropy: 7.99720505853
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00302770: CreateFileW,DeviceIoControl,GetLastError,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00344EE0 SetHandleInformation,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,GetEnvironmentStringsW,FreeEnvironmentStringsW,CreateProcessW,AssignProcessToJobObject,AllowSetForegroundWindow,WaitForSingleObject,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00405750
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_0041304B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_0040AD40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00412910
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_004132E3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00412F71
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00330EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0035F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0035B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0035F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003A206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002EA170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002F0290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003522C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00356390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00334410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0034C460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0042243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00318480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00334730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00300746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002F07C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00420864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00398860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003348E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0043C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0043C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0036A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00422ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00338AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00352B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002F6C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003D6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0038AE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00444EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00338EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003AD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00423130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003A11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00309180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00421189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00353200
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00397280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00337370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003713D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003A9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003694F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003454D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002F94D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002EF504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003D35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0032D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0034F8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003AD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002EDA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00423A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00441B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0034FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00397B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0041FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002FBC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00345D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0034FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00373DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0037FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002FDF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002EFFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0041BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003A206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003D6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002EA170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002F0290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003522C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00356390
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00334410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0034C460
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0042243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00318480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00334730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00300746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002F07C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00420864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00398860
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003348E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0043C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0043C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0036A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00422ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00338AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00352B10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002F6C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0038AE80
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00330EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00444EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00338EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003AD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00423130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0035F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003A11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00309180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0035B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00421189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00353200
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00397280
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00337370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003713D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003A9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003694F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003454D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002F94D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002EF504
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003D35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0035F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0032D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0034F8B0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003AD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002EDA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00423A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00441B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0034FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00397B40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0041FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002FBC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00345D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0034FD10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00373DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0037FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002FDF40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002EFFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0041BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: String function: 004026DC appears 38 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 002E3696 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 0032C9E0 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 0041A840 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 00328B80 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 00321BBC appears 34 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 002E1741 appears 408 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 004342D0 appears 110 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 00320AA2 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 00437CF8 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 0032BE50 appears 78 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 0032BEC0 appears 271 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 0032B9C0 appears 154 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: String function: 00320C44 appears 56 times
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.8.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: installer.exe.31.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: opera_autoupdate.exe.8.drStatic PE information: Number of sections : 14 > 10
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: Number of sections : 15 > 10
Source: installer.exe.31.drStatic PE information: Number of sections : 11 > 10
Source: installer.exe.8.drStatic PE information: Number of sections : 11 > 10
Source: opera_elf.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: libEGL.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: mojo_core.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: opera_crashreporter.exe.8.drStatic PE information: Number of sections : 13 > 10
Source: opera.exe.8.drStatic PE information: Number of sections : 11 > 10
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: Number of sections : 15 > 10
Source: libGLESv2.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: Number of sections : 15 > 10
Source: win10_share_handler.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: notification_helper.exe.8.drStatic PE information: Number of sections : 12 > 10
Source: opera_browser.dll.8.drStatic PE information: Number of sections : 15 > 10
Source: installer_helper_64.exe.8.drStatic PE information: Number of sections : 11 > 10
Source: launcher.exe.14.drStatic PE information: Number of sections : 13 > 10
Source: dxcompiler.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: opera_gx_splash.exe.8.drStatic PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.8.drStatic PE information: Number of sections : 11 > 10
Source: launcher.exe.8.drStatic PE information: Number of sections : 13 > 10
Source: opera.exe.14.drStatic PE information: Number of sections : 11 > 10
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777988728.000000007FE35000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000000.1776307366.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777621493.0000000002798000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: winhttpcom.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeSection loaded: iertutil.dll
Source: C:\Windows\explorer.exeSection loaded: twext.dll
Source: C:\Windows\explorer.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dll
Source: C:\Windows\explorer.exeSection loaded: msvcp140.dll
Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dll
Source: C:\Windows\explorer.exeSection loaded: zipfldr.dll
Source: C:\Windows\explorer.exeSection loaded: sendmail.dll
Source: C:\Windows\explorer.exeSection loaded: mydocs.dll
Source: C:\Windows\explorer.exeSection loaded: drprov.dll
Source: C:\Windows\explorer.exeSection loaded: ntlanman.dll
Source: C:\Windows\explorer.exeSection loaded: davclnt.dll
Source: C:\Windows\explorer.exeSection loaded: davhlpr.dll
Source: C:\Windows\explorer.exeSection loaded: playtodevice.dll
Source: C:\Windows\explorer.exeSection loaded: ehstorapi.dll
Source: C:\Windows\explorer.exeSection loaded: acppage.dll
Source: C:\Windows\explorer.exeSection loaded: sfc.dll
Source: C:\Windows\explorer.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: mfcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: ksuser.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dsreg.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: wpnapps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: usermgrcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeSection loaded: d3d11.dll
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engineClassification label: sus38.rans.spyw.evad.winEXE@106/1185@0/13
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00408DD2 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0030051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0030051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_004011FD GetDiskFreeSpaceExW,SendMessageW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_0040388A _wtol,_wtol,SHGetSpecialFolderPathW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,CoCreateInstance,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00401DF5 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeMutant created: \Sessions\1\BaseNamedObjects\opera_splash_lock_0e78e69c624cbcf87c7f299659eb65c0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeMutant created: NULL
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeMutant created: \Sessions\1\BaseNamedObjects\oauc_registry_mutex
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeFile created: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmpJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeVirustotal: Detection: 47%
Source: OperaGXSetup.exeString found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exeString found in binary or memory: video-on-start-page
Source: OperaGXSetup.exeString found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exeString found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exeString found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exeString found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exeString found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exeString found in binary or memory: master-copy-installation
Source: OperaGXSetup.exeString found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exeString found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exeString found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exeString found in binary or memory: ran-launcher
Source: OperaGXSetup.exeString found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exeString found in binary or memory: video-on-start-page
Source: OperaGXSetup.exeString found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exeString found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exeString found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exeString found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exeString found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exeString found in binary or memory: master-copy-installation
Source: OperaGXSetup.exeString found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exeString found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exeString found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exeString found in binary or memory: ran-launcher
Source: OperaGXSetup.exeString found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup
Source: OperaGXSetup.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exeString found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exeString found in binary or memory: video-on-start-page
Source: OperaGXSetup.exeString found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exeString found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exeString found in binary or memory: master-copy-installation
Source: OperaGXSetup.exeString found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exeString found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exeString found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exeString found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exeString found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exeString found in binary or memory: ran-launcher
Source: OperaGXSetup.exeString found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exeString found in binary or memory: video-on-start-page
Source: OperaGXSetup.exeString found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exeString found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exeString found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exeString found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exeString found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exeString found in binary or memory: master-copy-installation
Source: OperaGXSetup.exeString found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exeString found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exeString found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exeString found in binary or memory: ran-launcher
Source: OperaGXSetup.exeString found in binary or memory: opera-startpage-special
Source: OperaGXSetup.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup
Source: OperaGXSetup.exeString found in binary or memory: run-at-startup-default
Source: OperaGXSetup.exeString found in binary or memory: video-on-start-page
Source: OperaGXSetup.exeString found in binary or memory: yat-emoji-addresses
Source: OperaGXSetup.exeString found in binary or memory: installer-bypass-launcher
Source: OperaGXSetup.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaGXSetup.exeString found in binary or memory: enable-installer-stats
Source: OperaGXSetup.exeString found in binary or memory: show-eula-window-on-start
Source: OperaGXSetup.exeString found in binary or memory: launchopera-on-os-start
Source: OperaGXSetup.exeString found in binary or memory: master-copy-installation
Source: OperaGXSetup.exeString found in binary or memory: post-elevated-install-tasks
Source: OperaGXSetup.exeString found in binary or memory: override-additional-config-url
Source: OperaGXSetup.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: OperaGXSetup.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaGXSetup.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: Try '%ls --help' for more information.
Source: OperaGXSetup.exeString found in binary or memory: all-installer-experiments
Source: OperaGXSetup.exeString found in binary or memory: Global\Opera/Installer/
Source: OperaGXSetup.exeString found in binary or memory: ran-launcher
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeProcess created: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp "C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$2040C,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=0e78e69c624cbcf87c7f299659eb65c0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040 --lowered-browser
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeProcess created: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp "C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$2040C,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040 --lowered-browser
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=0e78e69c624cbcf87c7f299659eb65c0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Opera GX Browser .lnk.14.drLNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk0.14.drLNK file: ..\AppData\Local\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk1.14.drLNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: Opera GX Browser .lnk2.14.drLNK file: ..\..\..\..\Programs\Opera GX\launcher.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile written: C:\Users\user\AppData\Local\Temp\scoped_dir6668_666039449\persona.ini
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpWindow found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 107.0.5045.79
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic file information: File size 2182176 > 1048576
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: installer.exe, 0000000E.00000000.2683061384.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000E.00000002.2863845634.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877353306.00007FF709791000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000000.2686209826.00007FF709791000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sers\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localizationl.pdb source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: _lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdbp source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.00000000009E1000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001001000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_gx_splash.exe.pdb source: opera_gx_splash.exe, 00000020.00000000.2775392213.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp, opera_gx_splash.exe, 00000020.00000002.2787815386.00007FF7E8CC5000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: .exe.pdb source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000000.2364384262.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000000.2364962075.0000000000475000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000475000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: user32.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 00000021.00000002.2822156056.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp, opera.exe, 00000021.00000000.2786569147.00007FF602D10000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: .exe.pdbp source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: 04AB974B14C4C44205044422E1.pdb source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: _lib.dll.pdb`, source: OperaGXSetup.exe, 00000005.00000000.2138284914.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000000.2140854030.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000000.2144031476.0000000000C37000.00000080.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000000.2147198016.0000000001257000.00000080.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000000.2149537810.0000000001257000.00000080.00000001.01000000.00000008.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: rrcsBizXUHISSeck.exe, 00000013.00000000.2738914318.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2739979138.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000015.00000000.2740890446.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000016.00000000.2742095852.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000017.00000000.2742916243.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000018.00000000.2743982933.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 00000019.00000000.2744605604.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001A.00000000.2748351683.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001B.00000000.2752037220.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001C.00000000.2754018968.00000000005AE000.00000002.00000001.01000000.00000016.sdmp, rrcsBizXUHISSeck.exe, 0000001E.00000000.2755480524.00000000005AE000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2363549620.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000037C5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera1\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001001000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: a_browser.dll.pdbs source: opera.exe, 00000021.00000002.2818813940.000073F000258000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\Setupio\OperaLib\Build-Release-Win32\OperaLib.pdb~ source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ase.pdbs source: opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: opera.exe, 00000021.00000002.2820602542.000073F0002B8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sbbdll.pdbREG_SZ source: opera.exe, 00000021.00000002.2820131533.000073F00027C000.00000004.00001000.00020000.00000000.sdmp
Source: dxil.dll.8.drStatic PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo,
Source: is-CR25G.tmp.1.drStatic PE information: real checksum: 0x36b7e8 should be: 0x36d061
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0x311faa
Source: OperaGXSetup.exe.5.drStatic PE information: real checksum: 0x36b7e8 should be: 0x36d061
Source: OperaLib.dll.1.drStatic PE information: real checksum: 0x0 should be: 0x7f775
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeStatic PE information: section name: .didata
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp.0.drStatic PE information: section name: .didata
Source: Opera_installer_2403291835508755424.dll.5.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291835508755424.dll.5.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291835508755424.dll.5.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291835508755424.dll.5.drStatic PE information: section name: malloc_h
Source: Opera_installer_2403291835511345172.dll.6.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291835511345172.dll.6.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291835511345172.dll.6.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291835511345172.dll.6.drStatic PE information: section name: malloc_h
Source: Opera_installer_2403291835514565980.dll.7.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291835514565980.dll.7.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291835514565980.dll.7.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291835514565980.dll.7.drStatic PE information: section name: malloc_h
Source: vk_swiftshader.dll.8.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.8.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.8.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.8.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.8.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.8.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.8.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.8.drStatic PE information: section name: _RDATA
Source: win10_share_handler.dll.8.drStatic PE information: section name: .00cfg
Source: win10_share_handler.dll.8.drStatic PE information: section name: .gxfg
Source: win10_share_handler.dll.8.drStatic PE information: section name: .retplne
Source: win10_share_handler.dll.8.drStatic PE information: section name: _RDATA
Source: win8_importing.dll.8.drStatic PE information: section name: .00cfg
Source: win8_importing.dll.8.drStatic PE information: section name: .gxfg
Source: win8_importing.dll.8.drStatic PE information: section name: .retplne
Source: win8_importing.dll.8.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403291835517673716.dll.8.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291835517673716.dll.8.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291835517673716.dll.8.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291835517673716.dll.8.drStatic PE information: section name: malloc_h
Source: mojo_core.dll.8.drStatic PE information: section name: .00cfg
Source: mojo_core.dll.8.drStatic PE information: section name: .gxfg
Source: mojo_core.dll.8.drStatic PE information: section name: .retplne
Source: mojo_core.dll.8.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.8.drStatic PE information: section name: .00cfg
Source: notification_helper.exe.8.drStatic PE information: section name: .gxfg
Source: notification_helper.exe.8.drStatic PE information: section name: .retplne
Source: notification_helper.exe.8.drStatic PE information: section name: CPADinfo
Source: notification_helper.exe.8.drStatic PE information: section name: _RDATA
Source: opera.exe.8.drStatic PE information: section name: .00cfg
Source: opera.exe.8.drStatic PE information: section name: .gxfg
Source: opera.exe.8.drStatic PE information: section name: .retplne
Source: opera.exe.8.drStatic PE information: section name: _RDATA
Source: opera_autoupdate.exe.8.drStatic PE information: section name: .00cfg
Source: opera_autoupdate.exe.8.drStatic PE information: section name: .gxfg
Source: opera_autoupdate.exe.8.drStatic PE information: section name: .retplne
Source: opera_autoupdate.exe.8.drStatic PE information: section name: CPADinfo
Source: opera_autoupdate.exe.8.drStatic PE information: section name: LZMADEC
Source: opera_autoupdate.exe.8.drStatic PE information: section name: _RDATA
Source: opera_autoupdate.exe.8.drStatic PE information: section name: malloc_h
Source: opera_browser.dll.8.drStatic PE information: section name: .00cfg
Source: opera_browser.dll.8.drStatic PE information: section name: .gxfg
Source: opera_browser.dll.8.drStatic PE information: section name: .retplne
Source: opera_browser.dll.8.drStatic PE information: section name: .rodata
Source: opera_browser.dll.8.drStatic PE information: section name: CPADinfo
Source: opera_browser.dll.8.drStatic PE information: section name: LZMADEC
Source: opera_browser.dll.8.drStatic PE information: section name: _RDATA
Source: opera_browser.dll.8.drStatic PE information: section name: malloc_h
Source: opera_crashreporter.exe.8.drStatic PE information: section name: .00cfg
Source: opera_crashreporter.exe.8.drStatic PE information: section name: .gxfg
Source: opera_crashreporter.exe.8.drStatic PE information: section name: .retplne
Source: opera_crashreporter.exe.8.drStatic PE information: section name: CPADinfo
Source: opera_crashreporter.exe.8.drStatic PE information: section name: _RDATA
Source: opera_crashreporter.exe.8.drStatic PE information: section name: malloc_h
Source: opera_elf.dll.8.drStatic PE information: section name: .00cfg
Source: opera_elf.dll.8.drStatic PE information: section name: .gxfg
Source: opera_elf.dll.8.drStatic PE information: section name: .retplne
Source: opera_elf.dll.8.drStatic PE information: section name: _RDATA
Source: opera_gx_splash.exe.8.drStatic PE information: section name: .00cfg
Source: opera_gx_splash.exe.8.drStatic PE information: section name: .gxfg
Source: opera_gx_splash.exe.8.drStatic PE information: section name: .retplne
Source: opera_gx_splash.exe.8.drStatic PE information: section name: _RDATA
Source: CUESDK.x64_2017.dll.8.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.8.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.8.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll.8.drStatic PE information: section name: .retplne
Source: dxcompiler.dll.8.drStatic PE information: section name: _RDATA
Source: dxil.dll.8.drStatic PE information: section name: _RDATA
Source: installer.exe.8.drStatic PE information: section name: .00cfg
Source: installer.exe.8.drStatic PE information: section name: .gxfg
Source: installer.exe.8.drStatic PE information: section name: .retplne
Source: installer.exe.8.drStatic PE information: section name: _RDATA
Source: installer_helper_64.exe.8.drStatic PE information: section name: .00cfg
Source: installer_helper_64.exe.8.drStatic PE information: section name: .gxfg
Source: installer_helper_64.exe.8.drStatic PE information: section name: .retplne
Source: installer_helper_64.exe.8.drStatic PE information: section name: _RDATA
Source: launcher.exe.8.drStatic PE information: section name: .00cfg
Source: launcher.exe.8.drStatic PE information: section name: .gxfg
Source: launcher.exe.8.drStatic PE information: section name: .retplne
Source: launcher.exe.8.drStatic PE information: section name: LZMADEC
Source: launcher.exe.8.drStatic PE information: section name: _RDATA
Source: launcher.exe.8.drStatic PE information: section name: malloc_h
Source: libEGL.dll.8.drStatic PE information: section name: .00cfg
Source: libEGL.dll.8.drStatic PE information: section name: .gxfg
Source: libEGL.dll.8.drStatic PE information: section name: .retplne
Source: libEGL.dll.8.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.8.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.8.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.8.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.8.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403291835520002656.dll.9.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291835520002656.dll.9.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291835520002656.dll.9.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291835520002656.dll.9.drStatic PE information: section name: malloc_h
Source: assistant_installer.exe.10.drStatic PE information: section name: .00cfg
Source: assistant_installer.exe.10.drStatic PE information: section name: .voltbl
Source: assistant_installer.exe.10.drStatic PE information: section name: CPADinfo
Source: browser_assistant.exe.10.drStatic PE information: section name: .00cfg
Source: browser_assistant.exe.10.drStatic PE information: section name: .rodata
Source: browser_assistant.exe.10.drStatic PE information: section name: .voltbl
Source: browser_assistant.exe.10.drStatic PE information: section name: CPADinfo
Source: mojo_core.dll.10.drStatic PE information: section name: .00cfg
Source: mojo_core.dll.10.drStatic PE information: section name: .voltbl
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: .gxfg
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: .retplne
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: LZMADEC
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403291836453876324.dll.14.drStatic PE information: section name: malloc_h
Source: opera.exe.14.drStatic PE information: section name: .00cfg
Source: opera.exe.14.drStatic PE information: section name: .gxfg
Source: opera.exe.14.drStatic PE information: section name: .retplne
Source: opera.exe.14.drStatic PE information: section name: _RDATA
Source: launcher.exe.14.drStatic PE information: section name: .00cfg
Source: launcher.exe.14.drStatic PE information: section name: .gxfg
Source: launcher.exe.14.drStatic PE information: section name: .retplne
Source: launcher.exe.14.drStatic PE information: section name: LZMADEC
Source: launcher.exe.14.drStatic PE information: section name: _RDATA
Source: launcher.exe.14.drStatic PE information: section name: malloc_h
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: .gxfg
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: .retplne
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: LZMADEC
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403291836456646936.dll.15.drStatic PE information: section name: malloc_h
Source: installer.exe.31.drStatic PE information: section name: .00cfg
Source: installer.exe.31.drStatic PE information: section name: .gxfg
Source: installer.exe.31.drStatic PE information: section name: .retplne
Source: installer.exe.31.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: .00cfg
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: .gxfg
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: .retplne
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: .rodata
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: LZMADEC
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: _RDATA
Source: Opera_installer_2403291836581706692.dll.39.drStatic PE information: section name: malloc_h
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00412C00 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0041B10C push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0041B10C push ecx; ret
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835517673716.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\additional_file0.tmp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711737406.old (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836456646936.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\is-CR25G.tmp
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\mojo_core.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835508755424.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Opera_GX_assistant_73.0.3856.382_Setup[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836453876324.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835514565980.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835511345172.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\browser_assistant.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaLib.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\opera_package
Source: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836581706692.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835520002656.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeFile created: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\opera_package
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193551250.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193552126.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeFile created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240329193613.logJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240329193645809.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpFile created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\license.txtJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\service.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\web3\provider.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolve
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0034A6D0 rdtsc
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835517673716.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835514565980.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835511345172.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_browser.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\browser_assistant.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836456646936.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_elf.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\mojo_core.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835508755424.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win8_importing.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\win10_share_handler.dll
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaLib.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\opera_package
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836581706692.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291835520002656.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2403291836453876324.dll
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeEvaded block: after key decision
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeAPI coverage: 6.5 %
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeAPI coverage: 5.5 %
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp TID: 7052Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp TID: 7052Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe TID: 1020Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile Volume queried: C:\Users\user\Desktop FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeFile Volume queried: C:\Users\user\Desktop FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile Volume queried: C:\Users\user\Desktop FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\blob_storage\2d1be686-7572-4c47-a1a8-6e6f3ae105d4 FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003D9AE2 FindFirstFileExW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00349120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003D9AE2 FindFirstFileExW,
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeFile opened: C:\Users\user\AppData\Local\Temp\.opera
Source: explorer.exe, 00000012.00000000.2716759570.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000000.2715945417.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000012.00000000.2713624554.00000000078A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 00000012.00000000.2716759570.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}%
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003DC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.2716759570.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
Source: explorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
Source: explorer.exe, 00000012.00000000.2715945417.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795504766.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000081D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2336785079.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2340540494.0000000001A1D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001988000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2337063003.0000000001A20000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000012.00000000.2716759570.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000012.00000000.2713624554.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000012.00000000.2715945417.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0034A6D0 rdtsc
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00346AE0 GetCurrentThread,IsDebuggerPresent,GetCurrentThreadId,__Init_thread_header,GetModuleHandleW,GetProcAddress,__Init_thread_footer,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_004397FB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00427C65 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_004397FB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_00427C65 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0035AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_003A206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0035C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0041A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0035ACEE GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_002F1C00 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0042BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_003A206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0035C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0041A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0035AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_002F1C00 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 12_2_0042BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

HIPS / PFW / Operating System Protection Evasion

barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtOpenKeyEx: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtUnmapViewOfSection: Direct from: 0x76F02D3C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtQueryValueKey: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtAddAtomEx: Direct from: 0x76F0312C
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtSetInformationThread: Direct from: 0x76F02ECC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtTerminateThread: Direct from: 0x76F02FCC
Source: C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exeNtQueryInformationProcess: Direct from: 0x76F02C26
Source: C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=zmuxnwflnzqyyjk1nza4ztljodeyogm4zdy1ndg0m2yynmvhn2mxnjg3mdq5ymeymgnjnzfjmzeynju5mgzjztp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmsisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0xp3v0bv9zb3vyy2u9ufdoz2ftzxmmdxrtx21lzgl1bt1wysz1dg1fy2ftcgfpz249ufdox1vtx1bcnf8znzqyjnv0bv9pzd04nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsz1dg1fy29udgvudd0znzqyx3nldhvwaw8ilcjzexn0zw0ionsicgxhdgzvcm0ionsiyxjjaci6ing4nl82ncisim9wc3lzijoiv2luzg93cyisim9wc3lzlxzlcnnpb24ioiixmcisinbhy2thz2uioijfweuifx0sinrpbwvzdgftcci6ije3mte3mzczmjmumdmxncisinvzzxjhz2vudci6iklubm8gu2v0dxagni4yljiilcj1dg0ionsiy2ftcgfpz24ioijqv05fvvnfuei0xzm3ndiilcjjb250zw50ijoimzc0ml9zzxr1cglviiwiawqioii4nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsisim1lzgl1bsi6inbhiiwic291cmnlijoiufdoz2ftzxmifswidxvpzci6imu1zwjhzda2ltcxy2mtndg4ny1hogrmltdlytdjnzkwmzhhysj9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9c05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=zmuxnwflnzqyyjk1nza4ztljodeyogm4zdy1ndg0m2yynmvhn2mxnjg3mdq5ymeymgnjnzfjmzeynju5mgzjztp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmsisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0xp3v0bv9zb3vyy2u9ufdoz2ftzxmmdxrtx21lzgl1bt1wysz1dg1fy2ftcgfpz249ufdox1vtx1bcnf8znzqyjnv0bv9pzd04nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsz1dg1fy29udgvudd0znzqyx3nldhvwaw8ilcjzexn0zw0ionsicgxhdgzvcm0ionsiyxjjaci6ing4nl82ncisim9wc3lzijoiv2luzg93cyisim9wc3lzlxzlcnnpb24ioiixmcisinbhy2thz2uioijfweuifx0sinrpbwvzdgftcci6ije3mte3mzczmjmumdmxncisinvzzxjhz2vudci6iklubm8gu2v0dxagni4yljiilcj1dg0ionsiy2ftcgfpz24ioijqv05fvvnfuei0xzm3ndiilcjjb250zw50ijoimzc0ml9zzxr1cglviiwiawqioii4nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsisim1lzgl1bsi6inbhiiwic291cmnlijoiufdoz2ftzxmifswidxvpzci6imu1zwjhzda2ltcxy2mtndg4ny1hogrmltdlytdjnzkwmzhhysj9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe "c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=zmuxnwflnzqyyjk1nza4ztljodeyogm4zdy1ndg0m2yynmvhn2mxnjg3mdq5ymeymgnjnzfjmzeynju5mgzjztp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmsisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0xp3v0bv9zb3vyy2u9ufdoz2ftzxmmdxrtx21lzgl1bt1wysz1dg1fy2ftcgfpz249ufdox1vtx1bcnf8znzqyjnv0bv9pzd04nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsz1dg1fy29udgvudd0znzqyx3nldhvwaw8ilcjzexn0zw0ionsicgxhdgzvcm0ionsiyxjjaci6ing4nl82ncisim9wc3lzijoiv2luzg93cyisim9wc3lzlxzlcnnpb24ioiixmcisinbhy2thz2uioijfweuifx0sinrpbwvzdgftcci6ije3mte3mzczmjmumdmxncisinvzzxjhz2vudci6iklubm8gu2v0dxagni4yljiilcj1dg0ionsiy2ftcgfpz24ioijqv05fvvnfuei0xzm3ndiilcjjb250zw50ijoimzc0ml9zzxr1cglviiwiawqioii4nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsisim1lzgl1bsi6inbhiiwic291cmnlijoiufdoz2ftzxmifswidxvpzci6imu1zwjhzda2ltcxy2mtndg4ny1hogrmltdlytdjnzkwmzhhysj9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9c05000000000000
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe c:\users\user\appdata\local\temp\is-u02b5.tmp\operagxsetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=zmuxnwflnzqyyjk1nza4ztljodeyogm4zdy1ndg0m2yynmvhn2mxnjg3mdq5ymeymgnjnzfjmzeynju5mgzjztp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmsisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0xp3v0bv9zb3vyy2u9ufdoz2ftzxmmdxrtx21lzgl1bt1wysz1dg1fy2ftcgfpz249ufdox1vtx1bcnf8znzqyjnv0bv9pzd04nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsz1dg1fy29udgvudd0znzqyx3nldhvwaw8ilcjzexn0zw0ionsicgxhdgzvcm0ionsiyxjjaci6ing4nl82ncisim9wc3lzijoiv2luzg93cyisim9wc3lzlxzlcnnpb24ioiixmcisinbhy2thz2uioijfweuifx0sinrpbwvzdgftcci6ije3mte3mzczmjmumdmxncisinvzzxjhz2vudci6iklubm8gu2v0dxagni4yljiilcj1dg0ionsiy2ftcgfpz24ioijqv05fvvnfuei0xzm3ndiilcjjb250zw50ijoimzc0ml9zzxr1cglviiwiawqioii4nme3ymy5nzi1yjk0ndyxyjmzyzmzmgm3zta5nduwmsisim1lzgl1bsi6inbhiiwic291cmnlijoiufdoz2ftzxmifswidxvpzci6imu1zwjhzda2ltcxy2mtndg4ny1hogrmltdlytdjnzkwmzhhysj9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe "c:\users\user\appdata\local\programs\opera gx\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_0040247A AllocateAndInitializeSid,CheckTokenMembership,FreeSid,
Source: installer.exe, 0000000E.00000003.2692576902.000001CCE05B4000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 0000001D.00000002.2821886109.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmp, launcher.exe, 0000001D.00000000.2754276925.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: Cannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000E.00000002.2857495442.000001CCE0616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager_17aZ
Source: installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000E.00000002.2859196195.000001CCE16AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
Source: OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.2715945417.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2713444229.0000000004CE0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: OperaGXSetup.exe, installer.exe, 0000000E.00000003.2753623330.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2857495442.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: installer.exe, 0000000E.00000003.2753486857.000001CCDECE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndX
Source: explorer.exe, 00000012.00000000.2716940508.0000000009ADC000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnde
Source: installer.exe, 0000000E.00000002.2859196195.000001CCE16AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnddia Center{
Source: installer.exe, 0000000E.00000002.2857162913.000001CCDECE4000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2753486857.000001CCDECE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd 0
Source: explorer.exe, 00000012.00000000.2712063818.0000000001248000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
Source: installer.exe, 0000000E.00000002.2857162913.000001CCDECE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndX *
Source: explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000013.00000000.2739420869.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2740429131.0000000001330000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: installer.exe, 0000000E.00000002.2859196195.000001CCE16AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerWi
Source: explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000013.00000000.2739420869.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2740429131.0000000001330000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
Source: installer.exe, 0000000E.00000003.2753623330.000001CCE0616000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000002.2857495442.000001CCE0616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00351220 cpuid
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,??_U@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: GetLocaleInfoW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: GetLocaleInfoW,
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\root_files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\ab_tests.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\video_conference_popout.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\browser.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\siteprefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\partner_speeddials.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_666039449\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_666039449\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1442496224\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1442496224\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Web\Wallpaper\Windows\img0.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1033481467\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1033481467\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1054666066\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1054666066\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_493994295\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_493994295\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_386930391\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_386930391\GX_Wallpaper_Light_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1951791623\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1951791623\wallpaper.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1833749219\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1833749219\classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_240964628\persona.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_240964628\GX_Wallpaper_classic.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\ScriptCache\4cb013792b196a35_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_459604197\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\347e592f-ac7b-4e67-84d5-adbd5f59389f.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_459604197\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\history-tags.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\main.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\startpage_test_function.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\targeted_sd_section.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk\1.1.3_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\fr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1055328301\CRX_INSTALL\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\web3\dispatcher.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\web3\dispatcher.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\opera-services\cashback.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1960971200\CRX_INSTALL\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\web3\dispatcher.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\web3\dispatcher.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\opera-services\cashback.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\img\icons\icon_512.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\be\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bg\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\bn\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ca\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\cs\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\da\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\de\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\el\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en_GB\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\es_419\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\fr_CA\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\hu\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\id\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\it\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ja\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ko\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\lv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ms\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nb\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\nl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\pt_BR\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ro\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ru\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sv\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\sw\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\ta\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\te\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\th\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tl\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\tr\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\uk\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\vi\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_CN\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\zh_TW\messages.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\avatar-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\checkbox.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\close.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\cover-placeholder.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-arrow.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\go-to-twitch-logo.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\list-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\no-avatar.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\notification.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\search.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\settings.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\tile-view.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x1.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\assets\twitch-placeholder@x2.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\background.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\common.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\input_styles.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_icon.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\components\stream_list.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\dummy_steamer_data.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch128.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.css VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.html VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\sidebar.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\template.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\colors.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\preferences.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\sounds.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\stats.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\twitch_api.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\utils.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\utils\volume.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_metadata\computed_hashes.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir6668_1453063255\CRX_INSTALL\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\webpage_content_reporter.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\icons\512\icon_512_black.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\_metadata\verified_contents.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0108e89c9003e8c14ea3.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\017c29dbc4d9f1f201e9.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\01ac8450057de556853b.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\02271ec5cb9f5b4588ac.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0246e88ab3b60542f582.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0264fb02c65c7cc33355.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\046461fc1a778fe43d99.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\073b3402d036714b4370.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0c3b8929d377c0e9b2f3.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\0eebbdfb27d542c486ce.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\13a27524bd914f383b14.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\169.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\172d3529b26f8cedef6b.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1b3b83dac50be6b9c503.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1e1c0e29b79b49a6ff4d.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\1e649c8a03d6232a688c.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\20f389c4120be058d80a.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\211.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\212532323374ae2448ec.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2179f0be6a7943d619de.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2573fae744f00a3822ff.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2960900c4f271311eb36.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2b1d5bea6b59d7df7543.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2d0dbf42750207f78ffa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2e7fc7bc27f14936d460.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\2f7bc363fc5424ebda59.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\354501bac435c3264834.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\36c7b8b5ca8e5fb1c18c.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3732873d6bcc644421fa.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\395.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\39890742bc957b368704.woff2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3a99e70aee4076660d38.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3be6ad1b3df0e5831c59.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3d0614224103268f2be7.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3dcbef40ef1b04e21951.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\3f07ed67f06c720120ce.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\428978dc7837d46de091.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\44d85d37ca16b0b3a224.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4ad7c7e8bb8d10a34bb7.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4c6b94fd1d07f8beff7c.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4c761b3711973ab04edf.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\4f35fbcc9ee8614c2bcc.woff VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\53d29add4f51cb58cf68.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5571ad00c83ed7c02dfe.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\57f5c1837853986ea1db.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\591.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5adac599c899f8c8e7a5.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5b49f4993ae22d7975b4.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5b7f1191e76219e1b1a6.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5d1a909f3c0b18e897f0.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\5e577791088fdf698fe4.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\60b4a28215d22a7d41a3.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\637f22f6137db0081579.svg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeQueries volume information: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\3.2_0\651.js VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_0039CB18 GetVersion,CreateNamedPipeW,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00401841 ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exeCode function: 11_2_00300746 GetUserNameW,GetNamedSecurityInfoW,GetNamedSecurityInfoW,GetExplicitEntriesFromAclW,CheckTokenMembership,BuildExplicitAccessWithNameW,SetEntriesInAclW,SetEntriesInAclW,LocalFree,LocalFree,LocalFree,LocalFree,SetNamedSecurityInfoW,SetNamedSecurityInfoW,LocalFree,LocalFree,
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 10_2_00405750 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z,GetVersionExW,GetCommandLineW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??2@YAPAXI@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,_wtol,GetCommandLineW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,_wtol,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA,
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 BlobJump to behavior

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Valid Accounts		22
Windows Management Instrumentation		1
DLL Side-Loading		1
Abuse Elevation Control Mechanism		1
Disable or Modify Tools		1
OS Credential Dumping		1
System Time Discovery		Remote Services11
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Native API		1
DLL Search Order Hijacking		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		1
Credential API Hooking		1
Account Discovery		Remote Desktop Protocol1
Browser Session Hijacking		Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts12
Command and Scripting Interpreter		1
Valid Accounts		1
DLL Search Order Hijacking		1
Abuse Elevation Control Mechanism		11
Input Capture		4
File and Directory Discovery		SMB/Windows Admin Shares1
Data from Local System		SteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal Accounts1
Scheduled Task/Job		1
Windows Service		1
Valid Accounts		21
Obfuscated Files or Information		NTDS76
System Information Discovery		Distributed Component Object Model1
Credential API Hooking		Protocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchd1
Scheduled Task/Job		11
Access Token Manipulation		1
Software Packing		LSA Secrets1
Query Registry		SSH11
Input Capture		Fallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
Windows Service		1
Timestomp		Cached Domain Credentials231
Security Software Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items13
Process Injection		1
DLL Side-Loading		DCSync2
Process Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job1
Scheduled Task/Job		1
DLL Search Order Hijacking		Proc Filesystem131
Virtualization/Sandbox Evasion		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
Masquerading		/etc/passwd and /etc/shadow3
System Owner/User Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
Valid Accounts		Network Sniffing1
Remote System Discovery		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
Modify Registry		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task131
Virtualization/Sandbox Evasion		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd Timers11
Access Token Manipulation		GUI Input CapturePermission Groups DiscoveryReplication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service
Business RelationshipsServerTrusted RelationshipVisual BasicContainer Orchestration JobContainer Orchestration Job13
Process Injection		Web Portal CaptureLocal GroupsComponent Object Model and Distributed COMLocal Email CollectionInternal ProxyCommonly Used PortDirect Network Flood

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1417615 Sample: SecuriteInfo.com.Adware.Ele... Startdate: 29/03/2024 Architecture: WINDOWS Score: 38 142 Multi AV Scanner detection for submitted file 2->142 144 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 2->144 146 Contains functionality to register a low level keyboard hook 2->146 148 2 other signatures 2->148 12 SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe 2 2->12         started        15 launcher.exe 2->15         started        process3 file4 104 SecuriteInfo.com.A....22.28512.27778.tmp, PE32 12->104 dropped 17 SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp 3 19 12->17         started        106 C:\Users\user\AppData\Local\...\installer.exe, PE32+ 15->106 dropped 21 installer.exe 15->21         started        process5 dnsIp6 126 107.167.110.211 OPERASOFTWAREUS United States 17->126 128 44.217.103.196 AMAZON-AESUS United States 17->128 130 88.208.5.115 ADVANCEDHOSTERS-ASNL Netherlands 17->130 66 C:\Users\user\AppData\Local\...\is-CR25G.tmp, PE32 17->66 dropped 68 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 17->68 dropped 70 C:\Users\user\AppData\Local\...\OperaLib.dll, PE32 17->70 dropped 72 C:\Users\user\...\OperaGXSetup.exe (copy), PE32 17->72 dropped 23 OperaGXSetup.exe 47 17->23         started        74 Opera_installer_2403291836581706692.dll, PE32+ 21->74 dropped file7 process8 dnsIp9 132 107.167.110.218 OPERASOFTWAREUS United States 23->132 134 107.167.125.189 OPERASOFTWAREUS United States 23->134 136 6 other IPs or domains 23->136 88 C:\Users\user\AppData\Local\...\opera_package, PE32 23->88 dropped 90 Opera_GX_107.0.504...toupdate_x64[1].exe, PE32 23->90 dropped 92 Opera_installer_2403291835508755424.dll, PE32 23->92 dropped 94 4 other files (none is malicious) 23->94 dropped 152 Writes many files with high entropy 23->152 28 OperaGXSetup.exe 1 181 23->28         started        31 Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe 5 23->31         started        33 OperaGXSetup.exe 5 23->33         started        35 2 other processes 23->35 file10 signatures11 process12 file13 108 C:\Users\user\AppData\Local\...\installer.exe, PE32+ 28->108 dropped 110 C:\Users\user\AppData\...\assistant_package, PE32 28->110 dropped 112 C:\Users\user\...\gx-classic-light.zip, Zip 28->112 dropped 124 25 other files (4 malicious) 28->124 dropped 37 installer.exe 32 28->37         started        41 OperaGXSetup.exe 4 28->41         started        114 C:\Users\user\AppData\Local\...\mojo_core.dll, PE32 31->114 dropped 116 C:\Users\user\...\browser_assistant.exe, PE32 31->116 dropped 118 C:\Users\user\...\assistant_installer.exe, PE32 31->118 dropped 120 Opera_installer_2403291835511345172.dll, PE32 33->120 dropped 122 Opera_installer_2403291835514565980.dll, PE32 35->122 dropped 43 assistant_installer.exe 2 35->43         started        process14 file15 78 C:\Users\user\AppData\Local\...\opera.exe, PE32+ 37->78 dropped 80 Opera_installer_2403291836453876324.dll, PE32+ 37->80 dropped 82 C:\Users\user\AppData\Local\...\launcher.exe, PE32+ 37->82 dropped 84 C:\...\launcher.exe.1711737406.old (copy), PE32+ 37->84 dropped 150 Installs a global event hook (focus changed) 37->150 45 explorer.exe 37->45 injected 47 rrcsBizXUHISSeck.exe 37->47 injected 50 launcher.exe 37->50         started        52 15 other processes 37->52 86 Opera_installer_2403291835520002656.dll, PE32 41->86 dropped signatures16 process17 file18 55 opera.exe 45->55         started        156 Found direct / indirect Syscall (likely to bypass EDR) 47->156 60 opera.exe 50->60         started        62 opera_gx_splash.exe 50->62         started        76 Opera_installer_2403291836456646936.dll, PE32+ 52->76 dropped signatures19 process20 dnsIp21 138 192.168.2.4 unknown unknown 55->138 140 239.255.255.250 unknown Reserved 55->140 96 C:\Users\user\...\gx-classic-light.zip, Zip 55->96 dropped 98 C:\Users\user\AppData\...\gx-classic-dark.zip, Zip 55->98 dropped 100 C:\Users\user\...\gx-1-classic-light.zip, Zip 55->100 dropped 102 18 other malicious files 55->102 dropped 154 Tries to harvest and steal browser information (history, passwords, etc) 55->154 64 opera_crashreporter.exe 60->64         started        file22 signatures23 process24

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe37%ReversingLabsWin32.Trojan.Generic
SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe47%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Opera_GX_assistant_73.0.3856.382_Setup[1].exe0%ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Opera_GX_assistant_73.0.3856.382_Setup[1].exe1%VirustotalBrowse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711737406.old (copy)0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711737406.old (copy)0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\mojo_core.dll0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\notification_helper.exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera.exe0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://autoupdate-staging.services.ams.osa/0%URL Reputationsafe
http://autoupdate-staging.services.ams.osa/0%URL Reputationsafe
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/0%URL Reputationsafe
https://www.remobjects.com/ps0%URL Reputationsafe
http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching0%URL Reputationsafe
https://outlook.com_0%URL Reputationsafe
https://desktop-netinstaller-sub.osp.opera.software/b0%Avira URL Cloudsafe
https://partners-offapi.net/apiBundle/geo?sourceID=31120&subId_1=361D4F6E-6488-4FB2-BF8B-32AC86835170%Avira URL Cloudsafe
http://localhost:3001api/prefs/?product=$1&version=$2..0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/U0%Avira URL Cloudsafe
https://net.geo.opera.com8R7/KLRL579/0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryve70%Avira URL Cloudsafe
https://www.innosetup.com/0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryCx0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/b0%VirustotalBrowse
https://www.innosetup.com/1%VirustotalBrowse
https://yandex.com.tr/search/?clid=1669559&text=0%Avira URL Cloudsafe
http://www.kymoto.orgA0%Avira URL Cloudsafe
http://www.kymoto.orgAbout0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/6~0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/U0%VirustotalBrowse
https://yandex.com.tr/search/?clid=1669559&text=0%VirustotalBrowse
https://gamemaker.io)0%Avira URL Cloudsafe
https://features.opera-api2.com/)l0%Avira URL Cloudsafe
http://crl4.digg0%Avira URL Cloudsafe
https://partners-offapi.net/apiBundle/stpstat0%Avira URL Cloudsafe
https://gamemaker.io/en/get.0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software0%VirustotalBrowse
https://desktop-netinstaller-sub.osp.opera.software/6~0%VirustotalBrowse
https://gamemaker.io0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/v1/binarytx0%Avira URL Cloudsafe
https://partners-offapi.net/apiBundle/stpstat1%VirustotalBrowse
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryBy0%Avira URL Cloudsafe
https://gamemaker.io/en/get.0%VirustotalBrowse
https://smolecular.icu/tfg/?src=setupIO0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/0%Avira URL Cloudsafe
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryBy0%VirustotalBrowse
https://gamemaker.io0%VirustotalBrowse
https://config.gx.games/0%Avira URL Cloudsafe
https://smolecular.icu/tfg/?src=setupIO0%VirustotalBrowse
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/0%VirustotalBrowse
https://config.gx.games/0%VirustotalBrowse
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryCx0%VirustotalBrowse
https://desktop-netinstaller-sub.osp.opera.software/v1/binarytx0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://try.opera.com/72TR8R7/KLRL579/?sub1=setupio&sub2=31120SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.0000000000870000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.0000000000876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002398000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2712316828.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000013.00000000.2739420869.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000014.00000000.2740429131.0000000001330000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000015.00000000.2741486699.0000000001500000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000016.00000000.2742508996.0000000001870000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000017.00000000.2743307763.00000000010E0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000018.00000000.2744169384.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 00000019.00000000.2745906045.0000000001830000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001A.00000000.2749446919.0000000001110000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001B.00000000.2752926892.00000000016E0000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001C.00000000.2754804739.0000000001670000.00000002.00000001.00040000.00000000.sdmp, rrcsBizXUHISSeck.exe, 0000001E.00000000.2778762112.0000000001AB1000.00000002.00000001.00040000.00000000.sdmpfalse
    		high
    https://aka.ms/odirmrexplorer.exe, 00000012.00000000.2713624554.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
      		high
      https://net.geo.opera.com8R7/KLRL579/SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.000000000242D000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://yandex.ua/search/?clid=2358536&text=installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
        		high
        https://legal.opera.com/termsSecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2983667346.0000000003D0B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D11000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
          		high
          https://www.deezer.com/sr/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
            		high
            https://api.browser.yandex.ua/suggest/get?part=installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
              		high
              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                		high
                https://download.opera.com/uOperaGXSetup.exe, 00000005.00000003.2162819871.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2161348409.0000000001A65000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://help.opera.com/latest/OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, launcher.exe, 0000001D.00000002.2813281163.000052F800288000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000021.00000002.2818715184.000073F000254000.00000004.00001000.00020000.00000000.sdmpfalse
                    		high
                    https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000012.00000000.2715945417.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                      		high
                      https://addons.opera.com/extensions/download/13655f413caacdcc677b24dc0c615d1f5328d6a3/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                        		high
                        https://download5.operacdn.com/IfOperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://policies.google.com/terms;OperaGXSetup.exe, 00000005.00000002.2884160745.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A3A000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.000000000105A000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                            		high
                            https://www.baidu.com/favicon.icoinstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                              		high
                              https://ff.search.yahoo.com/gossip?output=fxjson&command=installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                http://autoupdate-staging.services.ams.osa/OperaGXSetup.exefalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                https://desktop-netinstaller-sub.osp.opera.software/bOperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                http://localhost:3001api/prefs/?product=$1&version=$2..OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                • Avira URL Cloud: safe
                                		low
                                http://www.opera.comOperaGXSetup.exe, 00000005.00000003.2350253023.000000004914C000.00000004.00001000.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2506614581.0000000049160000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  https://crashpad.chromium.org/https://crashpad.chromium.org/bug/newOperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.0000000003384000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000B.00000002.2365475236.0000000000447000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                    		high
                                    https://partners-offapi.net/apiBundle/geo?sourceID=31120&subId_1=361D4F6E-6488-4FB2-BF8B-32AC8683517SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1795740904.00000000007F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://simpleflying.com/how-do-you-become-an-air-traffic-controller/explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://addons.opera.com/extensions/download/0239ef3d7c95570d61b12b2fb509af435ccc2131/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.deezer.com/no/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.deezer.com/ro/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          https://completion.amazon.com/search/complete?q=installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            https://listen.tidal.com/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              https://desktop-netinstaller-sub.osp.opera.software/UOperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUYexplorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                		high
                                                https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwareOperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://addons.opera.com/extensions/download/ad5beaae2fc679ccba1db1f7b3c9503d8da6ec70/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://www.remobjects.com/psSecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777621493.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777988728.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1779494360.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://desktop-netinstaller-sub.osp.opera.software/v1/binaryve7OperaGXSetup.exe, 00000005.00000002.2890562952.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388096688.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.000000000502D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.innosetup.com/SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777621493.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1777988728.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000000.1779494360.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                  • 1%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.deezer.com/fi/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://download3.operacdn.com/OperaGXSetup.exe, 00000005.00000003.2167809590.0000000001A37000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276745510.0000000001A37000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2890562952.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887132236.0000000001988000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388096688.000000000502D000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2881045334.000000000502D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://net.geo.opera.com:443SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2966678264.0000000003D47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1eOperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.so.com/favicon.icoinstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.deezer.com/mx/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://wns.windows.com/Lexplorer.exe, 00000012.00000000.2719255948.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://crashpad.chromium.org/assistant_installer.exe, assistant_installer.exe, 0000000C.00000002.2366144225.0000000000447000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                  		high
                                                                  https://addons.opera.com/en/extensions/details/dify-cashback/launcher.exe, 0000001F.00000000.2765373482.00007FF6ED634000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                    		high
                                                                    https://www.deezer.cominstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://autoupdate.geo.opera.com/geolocation/OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                        		high
                                                                        https://desktop-netinstaller-sub.osp.opera.software/v1/binaryCxOperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • 0%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://duckduckgo.com/?q=installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://yandex.com.tr/search/?clid=1669559&text=installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • 0%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.kymoto.orgASecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.0000000002398000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://crashstats-collector.opera.com/collector/submitinstaller.exe, 0000000F.00000002.2872788376.000002E63AC50000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.2875732136.00002B9C002AC000.00000004.00001000.00020000.00000000.sdmp, opera.exe, 00000021.00000003.2804768028.000073F0002E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.kymoto.orgAboutSecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000012.00000000.2713624554.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://addons.opera.com/extensions/download/4d3d8f7f070d279fbe0d2795e10e69fbab5d3824/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://desktop-netinstaller-sub.osp.opera.software/6~OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • 0%, Virustotal, Browse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://opera.com/privacyOperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                      		high
                                                                                      http://www.kymoto.orgSecuriteInfo.com.Adware.Elemental.22.28512.27778.exe, 00000000.00000003.1776639051.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2977724410.00000000023CA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1782647300.0000000003490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.opera.com/eula/computersSecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1825748633.0000000000864000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://gamemaker.io)OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		low
                                                                                            http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/FetchingOperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://duckduckgo.com/favicon.icoinstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://www.google.com/favicon.icoinstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://features.opera-api2.com/)lOperaGXSetup.exe, 00000005.00000002.2890469695.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://crl4.diggOperaGXSetup.exe, 00000005.00000002.2887132236.0000000001A0B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://addons.opera.com/extensions/download/3ed7347a5e10c404ea6cb96281265ff23092cf8f/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://addons.opera.com/extensions/download/e27cf3ebc2172a1a7d9cb6978a031ef52ed55596/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://download3.operacdn.com/spOperaGXSetup.exe, 00000005.00000003.2167728563.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://partners-offapi.net/apiBundle/stpstatSecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          • 1%, Virustotal, Browse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://www.deezer.com/ru/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://addons.opera.com/extensions/download/434b0a6daa530638a964132e86b8a01d7b39aa7c/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://gamemaker.io/en/get.OperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                              • 0%, Virustotal, Browse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              https://addons.opera.com/extensions/download/aad01b6c6f7f2f01bea6584af044c96d8850f748/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://gamemaker.ioOperaGXSetup.exe, OperaGXSetup.exe, 00000009.00000002.2880101734.000000000105A000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • 0%, Virustotal, Browse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2387970978.000000000509B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://addons.opera.com/extensions/download/313b7f796952f2b34bf6bce6ba10a7b51bd18913/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://translate.yandex.net/main/v2.92.1465389915/i/favicon.icoinstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://addons.opera.com/extensions/download/505f20c0ceb331ebec9f6b8d9def5e0f59be4612/installer.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://desktop-netinstaller-sub.osp.opera.software/v1/binarytxOperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • 0%, Virustotal, Browse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://outlook.com_explorer.exe, 00000012.00000000.2719255948.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		low
                                                                                                                        https://browser-notifications.opera.com/api/v1/Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000A.00000003.2362613101.00000000034F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://desktop-netinstaller-sub.osp.opera.software/v1/binaryByOperaGXSetup.exe, 00000005.00000003.2340456692.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A65000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • 0%, Virustotal, Browse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://www.deezer.com/us/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://smolecular.icu/tfg/?src=setupIOSecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2972553999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.1825748633.0000000000864000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2968654031.000000000086E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2964326998.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp, 00000001.00000003.2985134000.000000000086E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • 0%, Virustotal, Browse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1%OperaGXSetup.exe, 00000005.00000003.2362601899.0000000001A36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000012.00000000.2713624554.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://OperaGXSetup.exe, 00000005.00000002.2884160745.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000006.00000002.2895156720.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000007.00000002.2146216434.0000000000A60000.00000040.00000001.01000000.0000000B.sdmp, OperaGXSetup.exe, 00000008.00000002.2872841518.0000000001080000.00000040.00000001.01000000.00000008.sdmp, OperaGXSetup.exe, 00000009.00000002.2880101734.0000000001080000.00000040.00000001.01000000.00000008.sdmp, installer.exe, 0000000E.00000000.2683131065.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000002.2877709511.00007FF7097B7000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://crashstats-collector.opera.com/collector/submit0x300OperaGXSetup.exe, 00000009.00000002.2884935461.0000000028C24000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://crashstats-collector.opera.com/collector/submit--url=https://crashstats-collector.opera.com/installer.exe, 0000000F.00000002.2875896318.00002B9C002C4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • 0%, Virustotal, Browse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      https://www.deezer.com/es/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=107.0.5045.79AsOperaGXSetup.exe, 00000005.00000003.2880727130.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000003.2388014507.0000000001A64000.00000004.00000020.00020000.00000000.sdmp, OperaGXSetup.exe, 00000005.00000002.2887654221.0000000001A64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://config.gx.games/OperaGXSetup.exe, 00000005.00000002.2887132236.00000000019D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • 0%, Virustotal, Browse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://www.deezer.com/de/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://download.opera.com/download/get/?id=65442&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_UOperaGXSetup.exe, 00000005.00000003.2276691379.0000000001A4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://www.deezer.com/th/logininstaller.exe, 0000000E.00000003.2745278631.000075B400604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                		high

                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                Public IPs

                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                44.217.103.196
                                                                                                                                                		unknownUnited States
                                                                                                                                                		14618AMAZON-AESUSfalse
                                                                                                                                                37.228.108.133
                                                                                                                                                		unknownNorway
                                                                                                                                                		39832NO-OPERANOfalse
                                                                                                                                                23.48.203.201
                                                                                                                                                		unknownUnited States
                                                                                                                                                		24319AKAMAI-TYO-APAkamaiTechnologiesTokyoASNSGfalse
                                                                                                                                                104.18.8.172
                                                                                                                                                		unknownUnited States
                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                88.208.5.115
                                                                                                                                                		unknownNetherlands
                                                                                                                                                		39572ADVANCEDHOSTERS-ASNLfalse
                                                                                                                                                192.229.211.108
                                                                                                                                                		unknownUnited States
                                                                                                                                                		15133EDGECASTUSfalse
                                                                                                                                                239.255.255.250
                                                                                                                                                		unknownReserved
                                                                                                                                                		unknownunknownfalse
                                                                                                                                                104.18.10.89
                                                                                                                                                		unknownUnited States
                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                107.167.110.218
                                                                                                                                                		unknownUnited States
                                                                                                                                                		21837OPERASOFTWAREUSfalse
                                                                                                                                                107.167.110.211
                                                                                                                                                		unknownUnited States
                                                                                                                                                		21837OPERASOFTWAREUSfalse
                                                                                                                                                107.167.125.189
                                                                                                                                                		unknownUnited States
                                                                                                                                                		21837OPERASOFTWAREUSfalse
                                                                                                                                                107.167.96.31
                                                                                                                                                		unknownUnited States
                                                                                                                                                		53755IOFLOODUSfalse

                                                                                                                                                Private

                                                                                                                                                IP
                                                                                                                                                192.168.2.4

                                                                                                                                                General Information

                                                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                Analysis ID:1417615
                                                                                                                                                Start date and time:2024-03-29 19:34:13 +01:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 14m 34s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:light
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Run name:Run with higher sleep bypass
                                                                                                                                                Number of analysed new started processes analysed:25
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:16
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Sample name:SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
                                                                                                                                                Detection:SUS
                                                                                                                                                Classification:sus38.rans.spyw.evad.winEXE@106/1185@0/13
                                                                                                                                                EGA Information:
                                                                                                                                                • Successful, ratio: 37.5%
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 64%
                                                                                                                                                • Number of executed functions: 0
                                                                                                                                                • Number of non-executed functions: 0
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                                                                                                                Warnings

                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                • Created / dropped Files have been reduced to 100
                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                • Skipping network analysis since amount of network traffic is too extensive

                                                                                                                                                Simulations

                                                                                                                                                Behavior and APIs

                                                                                                                                                TimeTypeDescription
                                                                                                                                                18:36:53Task SchedulerRun new task: Opera GX scheduled Autoupdate 1711737405 path: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe s>--scheduledautoupdate $(Arg0)

                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                IPs

                                                                                                                                                No context

                                                                                                                                                Domains

                                                                                                                                                No context

                                                                                                                                                ASNs

                                                                                                                                                No context

                                                                                                                                                JA3 Fingerprints

                                                                                                                                                No context

                                                                                                                                                Dropped Files

                                                                                                                                                No context

                                                                                                                                                Created / dropped Files

                                                                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1428
                                                                                                                                                Entropy (8bit):7.688784034406474
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:0...0..x..........W..!2.9...wu\0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...130801120000Z..380115120000Z0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40.."0...*.H.............0..........sh..]J<0"0i3..%..!=..Y..).=X.v..{....0....8..V.m...y....._..<R.R....~...W.YUr.h.p..u.js2...D.......t;mq.-... .. .c)-..^N..!a.4...^.[......4@_.zf.w.H.fWW.TX..+.O.0.V..{]..O^.5.1..^......@.y.x...j.8.....7...}...>..p.U.A2...s*n..|!L....u]xf.:1D.3@...ZI...g.'..O9..X..$\F.d..i.v.v=Y]Bv...izH....f.t..K...c....:.=...E%...D.+~....am.3...K...}....!........p,A`..c.D..vb~.....d.3....C....w.....!..T)%.l..RQGt.&..Au.z._.?..A..[..P.1..r."..|Lu?c.!_. Qko....O..E_. ........~.&...i/..-............B0@0...U.......0....0...U...........0...U..........q]dL..g?....O0...*.H..............a.}.l.........dh.V.w.p...J...x\.._...)V.6I]Dc...f.#.=y.mk.T..<.C@..P.R..;...ik.

                                                                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):254
                                                                                                                                                Entropy (8bit):3.06077288271926
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:kKP5LDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:X5LYS4tWOxSW0PAMsZp
                                                                                                                                                MD5:65E66C643C62F9356D9BDE3A2D8B6DA7
                                                                                                                                                SHA1:A69AF4850B203D2A220538A9CA2B89101C86A6EF
                                                                                                                                                SHA-256:06272A71D4E08484A18C6A748D559AA96C8FE3E9B5C82C9BEF53A7D2BE419DF4
                                                                                                                                                SHA-512:BAC58E5BB55C94CE1923E2D5BF75647CC87A281934E1143EF4615CCE019B2EA0191DE27BB610A354A77651C847D8B85BAA8CC13B442139D3EE7597BD1C713E85
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:p...... ....l....l......(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.db

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):109624
                                                                                                                                                Entropy (8bit):4.024022148317409
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:bP7FDIkDk2XGu/f5Njk0ygGPHjhd/N/LyrrJEn5KxQ6RR1v/0oVeXmcypJ3Mdhg1:Hk2/BG/VdSchgiPGjnf+PFYKJq/
                                                                                                                                                MD5:90477A9375ED2F730FE986BDC72A3218
                                                                                                                                                SHA1:FD720DA1DF06A7DFB9B2700F6800CA53CEF1DDF4
                                                                                                                                                SHA-256:6DBDBEAA611DF6225F82844424985D01D9DC3E891F9E2CC301136ECCB3A1B257
                                                                                                                                                SHA-512:A840922E947D6496C8A487C6D01F033BF1E34FE704C862ADEA10FE4B61D7564A516A2BE42BA4A82BC756B72B1B9C3663178AD1D8091236666B13EA8C45A011A3
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:....h... ...8..........P..............Z...8...a........... ...........X.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002e.db

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):107824
                                                                                                                                                Entropy (8bit):4.037579683480944
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:LDZF4tuykTGJzuFvPjk0m5OyhSwrvBGNGLw1eJQ+aoxZz8R1vIhokb1m/ypu3a86:Ak6uscyQsvzKhginGJnoUFkKeIphH
                                                                                                                                                MD5:4FDB20C57754C47432BBC293B4D8F4AA
                                                                                                                                                SHA1:151B795E6744B9D6C57A2B7455BCF3833E1BCB4E
                                                                                                                                                SHA-256:0A662BAB85975AF388647AAD2C7FB18EF5F5BF7D48A1C2D42D49571B092050BB
                                                                                                                                                SHA-512:8E5F454DCB4128104F24DEFED3561523D007305A6894DEC6F112FFA0506803D86C7D90769093B21643AD55F908665C3D91E35F5A594715D0763D5C194C687710
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:....h... ...0..........P..............Z...8...a........... ...........X.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002f.db

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):105952
                                                                                                                                                Entropy (8bit):4.051217656460597
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:7kifyyupcojuiqzGh8iGGMngCF0KJXXSmw:7kgyyupcojuNzGh8iRCFznS3
                                                                                                                                                MD5:36A48CF290B28F3CCD11414CF62DCC69
                                                                                                                                                SHA1:973568BFDA3B8E7AFFECAADBDDA6EB60C1EC58D2
                                                                                                                                                SHA-256:72368748851A5B5710B4842489BD0F7132756CAA6DA5A971066D0573C1A5C3AA
                                                                                                                                                SHA-512:C4869F7AC79CB62B9990B9E742CE4381361D24A197576CBAC8D7BD817C1CF609EF2622E5123F11C04140138D6DA9D56E9E8E24743C9577B2B8A2F2785E2C5764
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:....h... ...............P...............Z......a...0..............x...X.......e.n.-.C.H.;.e.n.-.G.B...............P..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\features[1].json

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:JSON data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1523
                                                                                                                                                Entropy (8bit):4.399292637963254
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:YPiRyiRAS3R+GRH4rRUtRCRMR6mR9R5DR3RoRY+RWEIiRGiRCR8xRIjRuAcBpDRC:YqRyiRhR/RYRUtRCRMR6mR9R5DR3RoRY
                                                                                                                                                MD5:B7C15128A1E2AA333069D2797BFEFD6E
                                                                                                                                                SHA1:5BD78BF3DF58921E80A72895BFDF2DE3F6549A50
                                                                                                                                                SHA-256:FA5789F32C280FCDEA8E61CA8A322F859390C64CE8776D131CE73421D9882A93
                                                                                                                                                SHA-512:DCC4EA98D587CDBC7FB21A7EB383938CE70744DF897EC9D8A7BCF1532E1028D0D1395B9732494FC3196AD2D080D33F5F2153A82A3DFC0F2F055D5E31B50DA75F
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:{"features":{"01979299c8cd":{"state":"enabled"},"13e025f64bd6":{"state":"disabled"},"13eeaf851da7":{"state":"enabled"},"15322f489976":{"state":"enabled"},"1ad69b007ce5":{"state":"enabled"},"1c4dddb65bac":{"state":"enabled"},"1d24dceb937a":{"state":"enabled"},"278deecb29a1":{"state":"enabled"},"2c1429a5a72e":{"state":"enabled"},"3389f6c15eb9":{"state":"enabled"},"40db6e644d2c":{"state":"disabled"},"50796754ffc7":{"state":"enabled"},"5448a57d6689":{"state":"disabled"},"54726ed4401e":{"state":"enabled"},"56d717ae3ad6":{"state":"enabled"},"5a28d66c82cd":{"state":"enabled"},"603cade21cf7":{"state":"enabled"},"654296fe9d6c":{"state":"enabled"},"818c3ef12d0b":{"state":"enabled","dna_filter":{"required_dna":["64336fb81a04836eb8108d24fbca3aa3682db0a5"],"forbidden_dna":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"]}},"8511df77ed15":{"state":"enabled"},"970fe421a344":{"state":"enabled"},"9ec4e68ae70a":{"state":"disabled"},"b2a2a32b832b":{"state":"enabled"},"b7751444d14a":{"state":"enabled"},"b9677b

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Opera_GX_assistant_73.0.3856.382_Setup[1].exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1499104
                                                                                                                                                Entropy (8bit):7.985603261747699
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...'..P.................(...F.......-.......@....@.................................7........................................b......................H................................................................@..d............................text....&.......(.................. ..`.rdata...5...@...6...*..............@..@.data....)...........`..............@....rsrc................h..............@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P....P.|..Y.nj'.v....u..v..=.BA..6P......P....9^..].v8.^..3......hhDA.P..........P......P..pAA..E..E....;F.r......P.J|..Y.24..j...lAA...t$..D....3.9.H.A.t...@....9D$.t..t$.Ph.....5@.A....BA.3.....D$..`...|$..u..@.....3.....t$..D$..t$...`.A......t$...P.Q..%`.A...D$...V...t...P.Q...^...VW.|$.....t...W.P.....t...P.Q..>.._^....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u..S.\$.V..C;^.tLW3.j.Z...........Q.......3.9F.Y~.9F.~...f..Af..G@;F.|..6....

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\1698947853-custom_partner_content[1].json

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1344708
                                                                                                                                                Entropy (8bit):6.081849998191263
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:idUTvr+x0E4H3CAHkd0OhPVVUCs4dxemFiG7V76d5vQVUCaxU:iKTHhySkuz/G65v1y
                                                                                                                                                MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:// DUwgkzpRs2UBZDQI77+cT3P6rFCB1A0dTs323s0P8VwKPNxJg7UC76QDbcCRMySUWu6oS1yzTCguRlUYTcidqpeZdtHOL09/z+luPzIHHqB/vQ9rnmKvNPJpGrBJkKfytTOuw9v8frDeZaeH6r4iB1b3IcxXDVBG/cZiVMvhj0/b9SbAbkgN94GUrDjIArHEo49eBMFcYKuLFjOUmbiRuESFn3Rlx1SFNsPk2GEohrRvsb3Fzh9UH6hwKFUEBxwUWIGMtPpf2rIDmUxAEUigjvrWMiGoDk4x5FdM+p5livY9OVeyVGtcfDm8zZJ3psJ6Uz8cqK1ZhYsebZFUup9rZA==.{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_107.0.5045.79_Autoupdate_x64[1].exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):142198520
                                                                                                                                                Entropy (8bit):7.999995421447281
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:3145728:4PPyb5NN6TkxOYod/OocWSqlsw6I3iYwiA1+ulOYZ:gP4Z0/jl0vVB+usg
                                                                                                                                                MD5:E5C66BC2A10855CB4164EEF86F92FB0D
                                                                                                                                                SHA1:9453AA10DE00E311EE3415D1C07F1990FE6FB491
                                                                                                                                                SHA-256:FD238E7993A9800F8B9D5C0C0F4FB90E624823BC4A085F658F9544296A4A967D
                                                                                                                                                SHA-512:CFE5614CD7FBA269DC89A69240382B42649AA45449266447EC29E95A01C69D898F317AD75E07651BD75AB7FCF42C1E6E1731457F91A51397810744D95F1F96B9
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...'..P.................(...F.......-.......@....@..................................z......................................b......................X.y..)...........................................................@..d............................text....&.......(.................. ..`.rdata...5...@...6...*..............@..@.data....)...........`..............@....rsrc................h..............@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P....P.|..Y.nj'.v....u..v..=.BA..6P......P....9^..].v8.^..3......hhDA.P..........P......P..pAA..E..E....;F.r......P.J|..Y.24..j...lAA...t$..D....3.9.H.A.t...@....9D$.t..t$.Ph.....5@.A....BA.3.....D$..`...|$..u..@.....3.....t$..D$..t$...`.A......t$...P.Q..%`.A...D$...V...t...P.Q...^...VW.|$.....t...W.P.....t...P.Q..>.._^....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u..S.\$.V..C;^.tLW3.j.Z...........Q.......3.9F.Y~.9F.~...f..Af..G@;F.|..6....

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\107.0.5045.79.manifest

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):225
                                                                                                                                                Entropy (8bit):4.929804541487484
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:KdhlRu9TbX+A8/5RFYpThkokIkoX0CdiYCWoA1G:KLuVA5cp1kvIks07vWBG
                                                                                                                                                MD5:C45BDB4215269232365A5939FDCFD5EF
                                                                                                                                                SHA1:6947C09E83ED9FF44C747280104CE62C129CE08B
                                                                                                                                                SHA-256:881561A1AF511D35898655D5233605380EF1E71111781C05F637AE7EC578B216
                                                                                                                                                SHA-512:0575A827C9C57FD1B7EDA4FDC6B5D710EE87AB3CCB1F74CF3F3E6A771A1EFCE490F549BF90803D237352D6E461E3275EA90B9D41B701E56F8DBFD07F44733E14
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='107.0.5045.79'.. version='107.0.5045.79'.. type='win32'/>.. <file name='opera_elf.dll'/>..</assembly>..

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-100.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2181
                                                                                                                                                Entropy (8bit):7.807674908350133
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:Pe+1prHq0WWdnFX5lKhqEiJVk10s5pqe/cme:G+1prHqXkhrWqEiJa10ae
                                                                                                                                                MD5:B5A21B88B3D8A42DF265817EBEB742BB
                                                                                                                                                SHA1:E0BE32B4FC158DB4E9783094CCE614922114B742
                                                                                                                                                SHA-256:9635C074C9D8EDDE0BAF3111DBD7DB49CBDC370C4F729C80AC382949F32BE526
                                                                                                                                                SHA-512:21ECE0DCF17B038400D09565438FCE8BE61746DAA0250F2FA9D0526BBA3D1CE6F8DA5CCE944EF8FA685C5EB6CF857B073D2A50ADA44A44A76D84813871FAA5D0
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR.............<.q....LIDATx...1..... ..6.^`...................{........m.m].m.m.m........[s....._.....N.Nw..._w..P...R... ......`........_[.i1...`.$.......C......*..,...v.l.>.ZP.B...E@......!?d..!.d.R......g)0...^H[.u.4.k`....0<.d.1.....0...Q`..I.._T..!...|pG.m=..a&.e.U(...C...n.^`........FB.X...Oio...z!...:.Tx.8;..9.[a........{.~.^......P.].r..d..A...?....<y.v"......l......^..._.....MA.o....?.>u._.d..`......E.@.5........E..................R...A..O}{.k..2.....jx\..5U.a.%."#.nA....6.!..W2.............R..j6r..v...."....N.GA..8.......>..p..#..,X.....Q...y..#.a..)....Q.e.zc\.'@.Al.....io....=......D.......F......A#6.^.^.Ma5...b.b...D...+.P.. .[.o..z....,...#<U.0.O.#..Z..........Q{...jA..ka|}...q.s.y^.!.Gh..R....t.g....F.......gt..6...7YjaU....0.*.......3..l.#.. =.h0t.06.v..C...T.}m..%...g..i,Cq..8.g.q..hx. .>..Kz...1....VF.)..q..$....._Z-.U...(....~>...-z]$.mh.%...e.+.....|.n.2..:...N._R..x..>.|S......i?.P....Q.F.d..U.8..i...T...........I.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-100_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 150 x 150, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1828
                                                                                                                                                Entropy (8bit):7.716814612583543
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:uIrxqF+qFL9yUaKagPWex0mLgIbPdyFKD0YTkogFey6mkAN7G:3wFRoGagTx0A4KDfTko6eCZG
                                                                                                                                                MD5:0BAE0648C3E320C4D439F158B4FD5531
                                                                                                                                                SHA1:4E860AE24F03522C89BDF37F3CCC10B54832861E
                                                                                                                                                SHA-256:28CE8FCB22080CE1F69346CB0720BBE5662959E413426F00062B706013DA8C28
                                                                                                                                                SHA-512:6A5E4105CCBE1664546798DB057B93622C9CBD6D5AF4967E6BE4E390A18FEC0FFCC807E3331F09ED0DE63ED85569BE7EC5EED5A7C663DF6CE4A5B70E09500371
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR................i....IDATx...i.]U........J..RT.H....T...seV..)b.B.5.@.a.Q..P.c. 2E....eR...P(.....P........I...s..v...y...u......Q.EQ.EQ.EQ.EQ.EQ.EQ.EQ.EQ...S.n...j.."....p..|B..]....>.......9.32.....Y.l.R..*y.\.8.4.....p.K..EY%}.5.h.[*.|.V..i.F..q~...;..W61.M5_..1F...Gj..IZ..u. ...*.w....oS..D.r.).U....j.y.#..y..U..;S.-"...n..v.^i.UW.j.hk...n.....,...LRe[.i.}....H.z@.9.q..".v.U9.""n.)....DD.iX.b.....*'....v5.#..~.$.7.]..Tm.....i......+....m...x.j_.'"NG.]..n.j.vl{..Ls...;.T.=E..3...1;.v..xB...*"^.1U..8...xL,7]...D.9.i.."..N.."...c..D...X...c+.t..8M...[......"f.........R..0R.1..Xh..;ND.=U.ID.a.....v..8...'.uct.....k.q>.q.jc.+b...F....r....AN.....}.....Y.J.k~.;4.3".U....s..$....n.q.b{.q.j......".Y_..E...b.=.S.".4...[...S....Y.6O.L...."...."......i../"..!M.>..4ED.....I..""60x.Ct.i...4.."..f..`(.....4..5.L....o........*W....xX.M...E..C...r.....U...8..<'.G.}D....E.k!.8...ED..iL...V.8.."b.C3[Dl..gED..^....-...NDL.iBs..O...`m..zW...k.A

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-140.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 210 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3140
                                                                                                                                                Entropy (8bit):7.81304512495968
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:X4+RWiQZwj2bSjtW8+i2elETWt5nQ1pzuiV8:ozEW8+iZECt9kzuie
                                                                                                                                                MD5:7E529063A02E4E83736B0263CB1B82E0
                                                                                                                                                SHA1:17A3C4B76962E90B1D2FA8A49441157949F4DC78
                                                                                                                                                SHA-256:A36A13A5D5E3D39E3018CCC5F8859944C87256F8BE24A3C08A6BF3CB06A26804
                                                                                                                                                SHA-512:571806725F83FECA90360B246D167A8857EDFD9EDC8DC0EF7EEEF80F291FD06088C405A5653513CB8AA309DF08CD609DF85A95E3379E3E5907566C876CA77CDE
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR.............?..B....IDATx................................................{..dg.8....m....m.Z.m..;;y...s.GI?..Su..k=.T#..#.;..}/\.g..:b..a+.....t.A}...q..hq.-.}...`:.gk....tm.$...Ax.....B....c.ih....G6L.....;...T.U0...l....~...........W....=<j.....X..O.....r.Y..-..Q..1.....q`..PC..jL...x.'9........y.b=L.m..(U........a.....W......`:.Me.jh..U0.......;..{..I..|.W..C..4...b.nt.......L..a.........`9.!..7N@.......E.?..$.._.q..6..":.+`....W.O.G>o.F.K.c..G.28..Q.....|.....m..#X......N.P..{:...1.........4...F.....w......Z89.Y.w`.L...v.DC.h'......h...[=...c.2...&ze*h..t..j...@?..cpN......0...KC.....f..F.....2"...c1..m.)y..q..(..C,.e..!w.N@I..q4.......!.A...;q..Y..sy.{...."L.p..#<...'.-8.!u.C#...O;.......y<.=....h.c<.=...5N...s....._...p,..Ia...yo....=...Y..4...t.}m@....g._.......#.M{...t........t...;.bjh..l..84.C8..z....B9..[.D.R..}...r..e.pl...~.....<.~ `...Ep..b...L.^.9..x.vB..IZH.a,k..c..L..U...M0....}.n........H..<.!..B.(Y

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-140_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 210 x 210, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2659
                                                                                                                                                Entropy (8bit):7.828610258666657
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:zQX9JrPPPPPPnouwOlIbylOhFARjcSY1E1y0fAiKb+Y+GzYvpSYWTX5sPPPPPPPn:z0rPPPPPPojFby+m00fAiKiySSYWTXqP
                                                                                                                                                MD5:EBE7D27ED3B4CB6566A10165ABFAA941
                                                                                                                                                SHA1:FDF7C27058CF5DAF7061756E938A33C1BBB26C3D
                                                                                                                                                SHA-256:0BD63FE653885286E180FBDF6D1DADC66AF242B8ED6BD1D03D8C5ECCC20E91D7
                                                                                                                                                SHA-512:50EC8592D78F00A6387F06E077E0DEF88DB26723C0FB8632C4EA06F2E09488DB0FB82E0EB1F03DA53F9C750F6CEBD29F7889B1DE342E4F0AE69F88C4B7B1425B
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...............V....*IDATx...{.]U}......"... .!.#..D .k..:.....5...6B..Q@+..lq.(%my.P..C-..Eb..<L5..<C!.1.$wu...f..}........5..Yk...^{.}..RJ)..RJ)..RJ)..RJ)..RJ)..RJ)..RJ)..RJ)u.d.Y.b?t..Q.E.,u......$o.-..rK....nw..7..w.TF..-...5=.r....?N...a.N.....~7..7,...r..-..q.}..R....Ye#y.u...IF2...Z..6.o.F....R1<w..]T..H..zw{.k..Y.L.Fm.k.ay.W.P.....I..,5G..C..........v.]...].-R..A......1.a;J-..>E....Qe'............#^VF.J.J-.....LRe.....|....g.M.e.+<.l$gHM.l..y..T.s#.Ow.o+....=...4....P"..J...("...]...~....z...h...P.*..QD....Fg.a..7m...W.`.j..C.q...E....D........8.i..D...^c...J.,.../.&rH[M..9.4._kfzN..#..bD.....[.D.4M3.....2Cs.........._k.Z%....bs7+...wkf...'.%..D.j..!M4A.z-R.k5.....q+-.*&j,..GE......p..(.j_V"......i.M...7.....E..LUz.8>i..jm....[.T.].F.%Q.;.2.....X.x.....-...b...;EQ..dU...avR[..V...f....`,.....J........K...........NWe.....Z:YT.>..{....-..(.uvV......P.x...m..ku.)q..Z>9vU;.)..xTC........j"..ra..D..(..6...t.Ib.O.....D

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-180.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 270 x 270, 8-bit colormap, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3904
                                                                                                                                                Entropy (8bit):7.301300867894784
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:Fe0zdfrjvg/ofL7NkqKgOL6bq64wL3XtakhXSTxyfO8cg7WZUScsO62vSQ6Q4MCR:JdfrYoDdbJlXBRSMoj6H626Qr45eg
                                                                                                                                                MD5:F332E088E89B88070EF1EFBECA5B90F8
                                                                                                                                                SHA1:86129A8B1E2E7F78D6CE23C58A37FAC9DA5E566D
                                                                                                                                                SHA-256:6A8F64754C75EDCC9ABC1138E44ACBD7064D7E8E2A28783939241DBD6AFA30A5
                                                                                                                                                SHA-512:2314AAE692C024F914661E46CFD76531DA6C09B94C084FE915A0594625927DF30282D09518A950EAFCFDD2E499B1E4877CF3CDBF5509DE0CC756DADCDE43FD45
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR.............Oo......PLTE.....N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N..N...*....tRNS..8Uq...........jO+..D......o3.0y..b...g..a...@........_....d'...7Qp......K;..^h.\.W.../...S....-..J......&......Y..I!.P.w#...uT |....:.V...1.z%.Fn.6....N..L..$.2.?.e.s".ti

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-180_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 270 x 270, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3673
                                                                                                                                                Entropy (8bit):7.8322183683928195
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:nBWR5fosUcvpqnOtkeU4ghCboMmSaj+5UZy:MvHUUMnOtpz4Csz65UZy
                                                                                                                                                MD5:98B9F7A4F4322E7B46DE392FD20F66E5
                                                                                                                                                SHA1:D009D227522206C40CF592E460C9642CD03B8769
                                                                                                                                                SHA-256:A706B332E6A846357A86C30D0E8BB7697E7DD55C2AE592DD45611DDCE0C0BF14
                                                                                                                                                SHA-512:3B3E5BAF3CFC57119E0812DE2816DF6C7DCB42E96C4891E47C4F32320FD3BE2F27A0118051A6651595BAAAA30069BB1C0D78AA701744A44534CABE7547D4BECD
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR..............1.... IDATx...k.u.......:.....*.o..I..J...L.H.(a...1....6S.....b.6..2M...fD.M..TN.5..o qx....;g..}^........."""""""""""""""""""""""""""""""""""""""""""""""""""""""q2.3Qr..z..<r....D.w.2.".r.*...s.......\..)d+.XJ.A........8Vq....g...vo.%..B..._M{.a&.XZ;.|r.v%."NaN.Q..R6....c.cN..~H..M1.X..a'%.d,=iZwF2...;.l.xU.H[..i.6;q.....#.y...w...... m.$~..$...L\E...l. .IM2s5.==.%..-....|.:,.`..........<.c-.".\....l...3...j4...B.sn@....Oxb.%.....B......$...-...WC).j..ru.s+.{.2"..5.c.q.e-...;.`-O1...@.G.F3.El.'..>$...(....d....6....%.CG\.e.[8.5.!.#....`q.3.W]X.%...$y...&...DZI....K..W.x.....%.......H+.O%../..n...~....C4...9nAZ..`..F...2.S.khhtz.E.(.CX....Uf....^&J:..@....$M......(.2..U.].O'vc...mzxlm....obq.M6....,.."H...}J'\yll..,....Jx..$/..X.uH.&.].....r,P-...[9.Q...Lr:....(..>..|..;.h4V.%y.|.]...$#....[[..d...U. ..B.H9..d.26.#.w..5.b....q....oq..0Z.y.NP..1.c.V!!.D=.k1.:.?.q'-..w.]..B,P..B...|....+X....j,..2q....

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-80.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1723
                                                                                                                                                Entropy (8bit):7.769427546963699
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:MtXb2ikqrN+EMaUeTPMSEGS6CT/GF2MdJtDHBkZH39Hmgwiw:CXbzrzfUsUGS6A/ETJtHBYNG1iw
                                                                                                                                                MD5:1F2FB1BF463B2FF2BEC96784DEBFEF84
                                                                                                                                                SHA1:AE6F721AD937FE39F86602F71002435B18BF1EDD
                                                                                                                                                SHA-256:7E6B0D9EA7FDA1B5CA7A0B01290521DFF943DA4CBF1498412CA7D749DB42C32D
                                                                                                                                                SHA-512:0C92C4F75E620D0B636CFD83E89C69A44F6A96A00006FBD0B13637BA5DCC77C9B302029E62F4B80766811F31810F9C20AC1A98B65C38789951CA0E19A5BB6894
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...x...x.....9d6.....IDATx......... ..................s....P...m.m.m.m.m.6N......w.......-...g2/...)z.....K....~(^..`...j...z.^Sc.n.,.....0.VW..al6...a.....R0...k.Q..N..P.x.J[ol2..)o...A....x.....c.m;F...t.16.....L8....vb=AQ0.<.X).@....M......g.....k..,.AN...-..R......$....b..`...... %H....`6.g#..h.]q..5._.@dA..c0.;X....a.. .2...~..;.1..:.x.....q[@R....,4.w.v.._..s;.b..s.Qu5..U.|.6Zj...P..........\...qa. ..D..W.L...c.~.....A...F1g@x....V..`..,..D.=..d.i..Q...o.c...N......$.`....]...P}.G....BT. .?.......L.n..+nG./..cC.>0.N1.\.C..B..4.l./L.3....T.c.S..bf.0..t...J..!.aU..p`.....0./..}.iL.).w..hc.M..'.. ..;'.p.Rt....R.g......8.%14...S....<.Jf./@..U.h'.G.R..D.\..z.4......<....*2K.S.bj.1....=.../pd.........cfPL$7....S[.M.%H.M..W..T...ZP.aA~....D...+..~EYK.#..zOZ.]fA~...fz..].....7.>..|.........[...v..M..vb.........L....z.`.P...X..RP{.....`...+.0...l/..>...i.w...W. .....x....T...............t..+B}d*`/..+.;L...J..._...iC..pv..gA~..k.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\150x150Logo.scale-80_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 120 x 120, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1425
                                                                                                                                                Entropy (8bit):7.721284228612739
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:sRv0SxfL9UEp3g4/RjUG894TBRVPvhjfghucgXy2nRlWzIXQuohMU9ocyMDh:sRv0sq4/tU10XVPZjhy0Izy9srWcyUh
                                                                                                                                                MD5:17471BB63ED62A6E545B6B626A763511
                                                                                                                                                SHA1:586B9EFDE7B3A04580A49F8FE7739593D42D303E
                                                                                                                                                SHA-256:DFD1054F989CDEE25F19EA792F363F042A125CAB537A424F0224BBEE13607E39
                                                                                                                                                SHA-512:F619D963B62EDB07C8077C3C6AE60ED8D3F3DD5BB1D05A2B83DCA1A7A4A346598B055F6C7EA22E05BF281B1DE0F205F5D1054819000759D9450EE1FE8F6491AE
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...x...x......m.Y...XIDATx...m..e....}....d...9]9\...r2..L..37...S..."s..SV..].t).*.I..dh.Em..`A ...9.`......./..u.}...........v].KUUUUUUUUUUUUUU...~.p.....M.6Y..l.]...Fv..W;..o..d.l...r..{.d..r....a....r.y...@..>.z..C.l.qh............7{E:d.w.W..ZD.2[.~_..y^4.q.!./;GK......Z."s.m..9...{^.g...g...i..[$"F..x.Pj9.b[E...,.q.^.......v. w...4.I.E\....D....9......C".Q.._El0].=.Z`?.>gD....&Y-b...+E...(.f..~`..."^....Z...:\.h....S.v.v-KE,.8.....W.....Ag.V.....q..yD.<..6....x.d.N.....d..?.Q...[..".WZ&.,....v......Z...vG..k.4."...tv....".T.K.L.q..sQZ%.M3V..D...D.!.-.T.*b.n|W.u..xVl....X..._.."...n...5...W.?.1U7Z...p.>#.R.p..#QzJl.;D\..;E....Q..zl.w..wD.4 .j.u....D,.SE<..Bl.........U.Z.[D..._.4K..u.....mJ.e....&.m......-7*..X...:T.K.}..;~....."6(...O..(M..=.#.q.{..xHl..E,...v...3.`......X.[.E|S.IF......C.b.....r......9....o.\.x..WM..J..5.&.IJ......|...........q.J..!{t9L.Y.}D./5.."Vv|./4V.v....i...8Ji......ae18...>.q....0...X.,

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-100.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1564
                                                                                                                                                Entropy (8bit):7.78686155071436
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:kO3Sxd5HLMZAoBjXkaBPxrX6hzB6eCvTYJSM2nY2YptQ/ceAV5ulBbYZwix2:MLLMWcV2z8nryWY2SDV5uPsqiw
                                                                                                                                                MD5:C3722E0232EC20AC8F99CCE7A040B294
                                                                                                                                                SHA1:91CA47DA87EC045ED3EF5D97243167F08FB9E10B
                                                                                                                                                SHA-256:A333D7E4293F5269426B3FCB673A284F3708A66F957DE62403B6570B24BAE8F5
                                                                                                                                                SHA-512:71940B8431E36307BA5176939A169B9259BB6B43C32529A10A12C5EA31447BDDCCAD7EB9EF7CB309B175EE7BD56E70926BD5AA0855D0FD9497547ECD7FF93158
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...F...F.....q......IDATx.....L../..m.m.m.m.m{.._...+...d...[.|..y.'.{8..N8..N8....x0..$.iA&..d..@r........&X...../.z..../.....{..../u~....|.._4$5..4...6....q..P..D.U...u...W....o@#..j .o....j...r..MI.n..X.RI.]..W*g.g..;...|.D...2..._.#..$.....A......I..r..GOF#F...L)..P.8.....G.. .l.m..J.=(+.{..@#....CH..|.:..n.%..0..*.{...O.+.Q.ORp...7L)dxS2H..Ge....e....$..k....iJT.~...eZP..A2....g..PUB..|....v.......>..k..~h3...40.x...(.......v.%.F......vl..h`>...P...4...W4.D...\o.9...z....3]........`.}t.......XI.[z..%....S<.e... .D..TA...'.....h....l...,...$7.......0,%....I[Au"...d&?.j......,..|...~F..pB...]......L.]d.v5...U%..h:}%..._.$...X.m.....S.yL...Bc.R;K..8...*..TiP.}5.g..p..m..s].ZU....H.{P.!,..?......t.U....=m-<.a.v..I$...u.T5..LG..b]...c6.19d;k%...3......,..I.[.1..:...YN...h.*5...W..._....dL6.v.Rch..~...i.1G....|].AU.k...H.[Q.a,6.5-....Gt.9U......n(.#...D.v......_.*...@I.}...i.u.@..w.T%..*.&Y.:o.X..3.Z.m..fW..5.....D...

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-100_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 70 x 70, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1341
                                                                                                                                                Entropy (8bit):7.829707677562043
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:vHNfCYvjHq3yow73tnF7H1r8IR07iBa/ptAFjLmocqM3LNpi+MaG9vz:vHsY7Hq3QzT7H1r8Wr0/zAxfyLNp1Pab
                                                                                                                                                MD5:504D80D276ADCC0163A8E4720013F9E7
                                                                                                                                                SHA1:6D34A0593FFCE916CD19B66D61004FD7E7EB2CD1
                                                                                                                                                SHA-256:EBBE0B4761EA8968A0A3FAFB383AC7AE175E98CD31A0F41BDF5FCB43469B58EC
                                                                                                                                                SHA-512:9961259704FF97C0E1899A33259F62155B73264E272064F3FA90E64124513C7C8BD6AB69A39C1EFB271ECC2972AB8FD86FB836F22153A9BB35419C3816D11337
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...F...F......'*.....IDATx...{L.U......#A../.9S.&:/..%]ti...TL][Hm.n..8,gsZ..Zk....:u....lF...".I..[.H(.q...{.sx.</......y....9.9.<."""""l%.J..2.L...xFp?...?.8....:N.M..`2.i..M.uZZ+'..C......9.f.1.X.}He....b...$..V.."..'T........[.s..}..F.........t.lnK..d.5...Yr..ld..x.\...iP... ....X......a ...i.C.D.E.H.&......Y....h..G.....1..h..C..>t...$...m..+..../.<.n4.."..(w..%,.R-...t.$.?..#.QB.+.ep..-.....r3.LYo....A...1CVK..$=.ER....}.o.m<.....#....D]O 1\..}..^....,.|[..L..j..`...n.,...C.N.K..U...k..(.IF......1.....B6..X..U......oK..cvm...tP.....,lM....iAq.+...~.t..M.&...0......i(.y.Gq......Zw.,.H.|... .H...zXR...>....K... )S...E......V..H0UR*...P.....\.I......n.fj*.*|..1...U(=.....~@=.X....Hq...4.....D..4S-...x.t;.....X0.....`....j....+..X8....z.t..DV.6c.\....=Ri2.y.{ac..../Gv./....X.n..o....x..ha.d.....p..V.QRg....8...?.[Qrxo!...r....Ni.4tOHz...Ca...z.K....er....3...;....(.0..[r)6.J.3.S'..(.v....l..~t..".&Fwx..M....P....>.7.E.Z.Y.%.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-140.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2005
                                                                                                                                                Entropy (8bit):7.837796638299837
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:FtyHJuovwDhlXRvUCvqfPAuwdESKbtU04aQkClnRU8lbPxbsFIV4hEIA:FtygGwDhlX1oHO4KwCAQ9MEIA
                                                                                                                                                MD5:667BFBAAEB2D2B372B6E0D4BF4992CE4
                                                                                                                                                SHA1:4C6C2E07183963F59391945FBEE077B55F8F6B2A
                                                                                                                                                SHA-256:207519F1C7B6C7509BFEB7B55724997EEC6456C8BAF55E882E72FC5CD43DA221
                                                                                                                                                SHA-512:AC63A3DD2F6088E7849E3824C35FD58CA78EC77DC31E1F6CBD47DE7CC394318CBA7D2309912206A94180267BE057C2AF5C835424019E2A03EE33A2AB801BA9A4
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...b...b.............IDATx..........S.d..........=...F...m...5.r..........m....g{......[1..q./.D.B."......)h.a.o..x.p..r....]..\....b fR......W.a.."..Ix............58.G.G%D.....0lE..E1D.<...u<o...6>....-.`..FX....l\.....K.....{..Y........D...............B.<G.....7.5...8...\....?.!j.b..F..PH..X....8."..,..R....X...((..G.0..&~a...{..DA<v.....H.4Q.u..a..#<Bk...E ..b\@'...3...U.\..4M...o.m.m.m.m.m..$..R9......&..NMW..{..4].....m....h..y/..x....a.[e..7.ua.^.lC8....l0....1...r.&........G.......c.....d....F]...M.a&.M..V..?[..t.P.Xx...*<.(...s...'.Q....'.~{_......8....R.%..7|O.Bl......Sr....^..@..........us.".M..?x....*.T.....A....&.l........H`g..."...I}E.7..].=...C.gz........V!.EE.....7WvB.!.d..vJ...k.{?.......1.n/.Q.{.....LD..;k...\....]G..S.+....F3.}z.=F(.....$..D.[.y.... /Q..eU...]M.[r.......}.f.s..;..!...s..C...x...Y3...<....0.O.p.\..&5...f.u.....4..A..".. .lD..7.#..P.../.i. ......+...M...}/..U\...}..Ah3"t.....D...!v..V$

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-140_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 98 x 98, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1697
                                                                                                                                                Entropy (8bit):7.76630495035972
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:TyhJvOYkuSoLYIWawZM7SkzaacHxXgr4RzhQpKP7C:6JWiEIOuWkCxCSzhQpCC
                                                                                                                                                MD5:93223E8777B581E988B703DF82593B17
                                                                                                                                                SHA1:40A035464C27041CCC87C7935C45100D93D1C948
                                                                                                                                                SHA-256:464AFAF960C32ABDC2C3937A48BF14C5D1A819B017E719FDED591D43A65D94C4
                                                                                                                                                SHA-512:B8A3EE4A71E609625EAB51F0F6DAFCC82CC47BA2C567CC8BF73CF6423056F9171276289BFDCC8428B7C07645097664065EE9B0B78874425BFF800178222FED12
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...b...b...........hIDATx...........9.Q.f..ttS....u....%..1.a.s.!f..c.b.b.K7QFg3..Y..2M5..6:B..z9.%..N.s>9.{.=..........|.7------------..QNt.G..].E.....b.s.e..X.C...Q.b.;.p..m......g....L.\te.G\.d...F..X..=f..]y.A..\e.t....Ei''...d.X...X..7[TYh.1J..g...y....]/.,r...........mi..2.6J.6Yte.....g.....<o...;..v.T..KJm..\T....i...G.."Qe.c..1.I.T#.6...2...7.y.K.*'.....p..J.2S.V...zf..Z%b..Z.6.z._j.}K..w..R.2.Y..M...P..l..d.JG..Sm..0V..o.u.'R..6...(U.k...k.+m..i].n.ub..D.b.JwJ......-1..(. U..|.^....(."UO..z;.@,2Vi..D,...;K.NAi.."f.TO.j.XlO..}$..M6..".iC.."..MO]-..[(]"U.i..E...J.K..zn..".V..M..i....q.(=%.5...R.e...:P."..(.*U..[...M.G~C......Q3)..]o.%U.*./.c....t..:J...q..k...g...R....\...A.@.kl...H.vJ...x..../....9.:..?q...Y..":@i...4f..E.Yi.T}^.....Q..#..h.#"...4S.y.l...AiG.kl.QWI.nJ.E.F.}M.tP...9...U.f..g...../....]..U:N.{..B..A.2..i.Ru..A"..+jg.kE./Ru..R.g.D...n.q..X-b...f...b.+.q......gD.Y.....q.....t..kA.."&j..Ru..."...j..D..4n.S.wD..gG.x..

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-180.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2699
                                                                                                                                                Entropy (8bit):7.8799233652993115
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:Is+9LgA+9fj19UhKwdgrviOztr/CrWbqCLRTFxFCEEgq0Ol81sqAGz:IlSN1gBTOztr/jbzdh1y0wl1+
                                                                                                                                                MD5:704D0A2693B350E7C463B0FF2143835B
                                                                                                                                                SHA1:0313AD4C3690A590AC54552D2C27806E73776600
                                                                                                                                                SHA-256:D6367DBC074E37F3488C26B0BAD229BFE99F5C6BB0E28D37B41906C436152B57
                                                                                                                                                SHA-512:4517B2FA911149885EC5549F3173D3C774716740826873E4B2199C804B17E776A5296565930E5ACDB8D5476710A391B21E6DA8941DF64C525A487DB4619A1EA7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...~...~......#.....RIDATx......................f..`....6..m..j#fm.qm.Am.m......%_...q.i-.>dh.........q.o!!..]...LC.TF..D.o.8...8.O..|.iLC#$PO<..1P.....wX....J..<5...$`O1.YU..g.L....<.....h....K.4Aw.....[.I...yU)....D|..x......`f..................9f....Y...p..!..E..U%...]......l.#.....#gPB.5...^C4.G.........g...5R... ......W.~H@. .*....8.....G...N.U...c....J".....YQ.m0....b.5.V.Y....:.......(W1.E...yb.,..a.bT.^.O!a...6...+!:.*..|O1......ZQ9...M.6.....!.6..O.XI...#jF..w.o.#|c...%Y.h.m.m.m.m.m.......8.qog.N.....3.}...R.....8...P.M.....].....B......3xs...:M!...K.;.mL.7l.N..=..7......sfJ.;..|Q........}:m..08...y.+.5...D..:....|8.m.]........04Z..b.......c.r....|.....m.6/..!...Y..)4._..0KY.e.[.qL.!...X ..jk.....|.....Ki....q...28...-.....<....4.d`.Z{.-]|B..3 PJ.gP.iW-..]m..61c...8.b.,.. P?&.0........A..!_k`.\.s.>.......d..R...."*<.e../.A.S .+...O.Oq.&.B.Y.6...S.!W^....... ..3.A..*...GA.uX.|[..Oh..=..[..9....l-.l..+...mM..Xu_.#)..

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-180_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 126 x 126, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2334
                                                                                                                                                Entropy (8bit):7.8839656878677005
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:W/zeI9zj1u/VwgVNR+vEgxOfU99BpcZlp9uqRhq4eZDU0BMK:W/zn51gxN4RxH9hUlpkAMt/BT
                                                                                                                                                MD5:39E2FCF13C20103C5F449C06D3A4CF75
                                                                                                                                                SHA1:AE8E1BCE2BE17ED450D891864E6AA22642AF39AC
                                                                                                                                                SHA-256:5D46E4056F3915C279F1FA9EDF61D93529FBCAE5C59D616380EC5D9405B7763D
                                                                                                                                                SHA-512:8E4902262B064008804D49D1B5F27BB7B8F33ECEFB05181AA69534E1D21662719DD4F8E0677C58215F6C5CA9EB4FB92FCA54A89F9720230AFBF06A70216ABF26
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...~...~.....H*m.....IDATx...{p......1\0<.%.1<........L.(.0P....R.(Hkk.3.>(-.X.t...>.Q........#P.H.JECxZ.<...5...${.7......../...g........x<.....x<u.0.Y<.f.s.r..7..1.Q.#.#...X...C|.r.......h...b.e..D.[.H..RG.q..f\.9RhV.y....<.Z..0..K.9.c.s(.C9...d=.4..YJ.V....l2..Y,.....u..kH&........rFh.Na.k8A%J..<.-D...Wc.EL'..T~.......I.........N..F...<E.Q$.*.-N2..a.D..;H Jt..%q.....ml......3L$.n..-.Ha0SX..\.#..w..28..W...Z.......Y.......o.......v5.......|...xv.X.G5m.e....tzq.e.7.G.r..Q...D2l.^....E)J..14............~..HCg8...JZ..TN....id..l...3.Vz9...` ....%3.F..v.JG'....Y...,.lc"-.K.]y...h.m.0C.I....".(Gq....g.S>E#....C..+.....].u...+..I...g....b.H....3d.S =.O,.7[...q.|.6/..U.U(.ed.,....DX{.JA}.im;..)..ld.p.*?....QK.....H..i.....#.~&=.&....pZ..&.2....J.s....p..r...y.e.....c..3.g.H.z".#....C'M.h...?......v...&"...z.e(i.+Wz].....<....?....M+s.&....d....*.0n.....s...<Ws?I....?.{...`5z3..w8.........s.B.d..K..K....LLY.j..^...a.p.~.z....-......l.dM.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-80.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1096
                                                                                                                                                Entropy (8bit):7.755097954664401
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:TDh4JYYFMId219dZt07Zcglb4iS/cFEAAabL3/006Fs:B4JBMPVEbCe/006Fs
                                                                                                                                                MD5:32D3E390613CDDBD639E70DDB2511AC0
                                                                                                                                                SHA1:C96AC088E72D756F31896B16776EF100379F802C
                                                                                                                                                SHA-256:DC20E5AA2B500CD5B5C9F89647D3487810685C94268F22678E27820E2454BB3E
                                                                                                                                                SHA-512:7381CEB8FEE84F398082177F30DC01593BEEFA729C73B0166AF686BCD25D54312B202D9243834B754769DE41E9A1DEED74CA91A76DCDA918A749CDB4F08C124B
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...8...8.......;.....IDATx...S.,I....[k.m.m.m...k.f....0..Ag5..<.w.1...r:..g.+...+........MX.k`=l......\(...........,vDq>.......x..`wl.U...x..[.....(..p...@u..z...1M../.D>...z..'vJ..U..'C.......?c:..U........GQ...,.P.T<...-..|$~....q..n=L..iF....X....q.......p.6{q8.u'*.R..C...Qg..YCN.:........#g^.R...w.......U..j...H5..eF......iO`..4r.R.[.....0...9{....u.v....X6!>.F`*.Nk.....J...5.P..}..F.\..Lk._.`.#...od..7..4!V.......-...{r.P....9^5.2.(.G..OT..<9}1....A..Q...U.{C.....o..S.....S...b....z..T...o....z..Z.xv......O|.8.....u......c...?.....u.u........p4.v`......kQ..4.....jzf.^....F..4...j:.._K.;..z]..0.0>..........|..W..Z5!6.b?....2O.....,.>.Q.y..-...._..k..w.}.V....s.o....W*..._Q...X..=Tcmc{N.P..1..j..'...l.-.?j^2..*~}Zo.J..7..F....D.91.....#2^..7.}7........$.:P..oc"6I..)n...|A..G.....l'..x..bM#.|...e.yT...k..y.]9...2.ao.z~.g`4....e0L..........t....n*.....}D.>.O..Vv..vE.Qs.\.~...s..........v.....T..7..A.9.s.]zQ...Gb.q).2....e...

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Assets\70x70Logo.scale-80_contrast-white.png

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PNG image data, 56 x 56, 8-bit gray+alpha, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):901
                                                                                                                                                Entropy (8bit):7.682141855410327
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:x2BZqWXRHKkqILfEDtySHnb98XPA8KWstHNMufZ4jJO2C:xZQEC8BywBmPAGpC4jJa
                                                                                                                                                MD5:E6ADD5AFC73F7B06FC2348550595F8D6
                                                                                                                                                SHA1:4D658BDDB93FA6CB423EBC61BD20DB37E4D37DB6
                                                                                                                                                SHA-256:DD6F46D32C3E235508F9E4C7D7F993BD807D955BCA7E63CF3D57C6C4C102F46D
                                                                                                                                                SHA-512:55437DFEA7F68A4572DFC86B5428CBE9DB86C0D32D0B09BA6B7B1CF8E49E5F1BB94285BBDC97D8EE00D70BA75921DB59644787C1BE1672FE37CEE09441F249B6
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:.PNG........IHDR...8...8...........LIDATx...mh.e...c....#.."aM..f!Dh....eFaa......0$3.a.bS.(!..$..@%1-+.,.ge..\.9..=<...}...=..7.\'7.-////...T.2.x.F...Ur.5.v..L...Iv..-..a.1&...Y!...U.S%..a......k.V!=....'..M.Pl.F!..s.V..B8g.n..9a......Z.k.....vH..i]V.Yx.....ve:R.I-.c.d...\......S.s<.?....`....).Ab.za^.s.1....~r4[...6a.......$6.o.I.z..A.Z.HG.:.r.C..E..<+.#Q..P.J.._.xYX-...[I.'l.o.{...Q.Y.E.'.V..3...H........i'.w...........:a<...W2.I..0P8(K...IL.V....).V......=". .....;.,....F&..U$6.....d...e.T.}aK...4I.!.(.U."...,}-\G.Rx[&..O...$Kk.I$.k.[&..c......S,.v.....(.Ao...,...K[&T..|.......G.G.6a.++t\..*.?...La......F.....r9..t.U.9.DG.8.o#..j.d..L.~..;B....e.f....*,.......b{./.....N.......`.e$npL.U..f.j.I..A....Oa.^.F.N8`...xU.........@?..t%$.,...l.n)._h0/U.d.....l.C...I....R..)..........3H...N....h.9j.2.{.n_...y..m.9.5.^...H7.i.A.....e.?..R....]....IEND.B`.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\CUESDK.x64_2017.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):485344
                                                                                                                                                Entropy (8bit):5.205905061365067
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:alTZkQQzVVTgmAffw5QTzL6+75I+qZojZdJ:azkQQzVVTgmAffMQTjO+xt
                                                                                                                                                MD5:943CFEC00D31592C1B09C1086CE5B39E
                                                                                                                                                SHA1:DE211386FC16BD90C5D0D9B2527495D36424A131
                                                                                                                                                SHA-256:D2C6E0E2E2C24A1AE11A8D638A5EB11D97F0279946874D13E893AFA520DBD2FE
                                                                                                                                                SHA-512:3728349851899E36EA6B1EAD07BBCCB651661D8B76BDBB199C6B42EF9D56DB4DE9A1F7BCE55DE2AA32A9ECAD44BCC00785519F1FC5BFCF5B6A1F50551B98CE9D
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........a.y...*...*...*.xE*...*.h.+...*.h.+...*.h.+...*.h.+...*.f.+...*...*p..*ci.+...*ci.+...*ci)*...*..A*...*ci.+...*Rich...*........PE..d....v|_.........." .....N...........L..............................................5.....`.............................................#............`..6.......,F..."...E...p..(...@...8...................`...(....................................................text...hM.......N.................. ..`.rdata...)...`...*...R..............@..@.data....*...........|..............@....pdata..TN.......P..................@..@.idata..X!......."..................@..@.tls.........@......................@....00cfg.......P......................@..@.rsrc...6....`......................@..@.reloc.......p......................@..B........................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\manifest.json

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:JSON data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):238
                                                                                                                                                Entropy (8bit):4.824253848576346
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:v5975JVSS18iMkh26VlcmutLwyAGI/zj//gQNMC:Bbt18l+LlMLqGU/gQNMC
                                                                                                                                                MD5:442699C95B20A60470421C6A4D29960F
                                                                                                                                                SHA1:C7317F2D2414C991C21205BA3C68A187B997E3C1
                                                                                                                                                SHA-256:44844CF3DDE6E80087AE0E6BF0D9326D7EF7D23326D24AC83AF0850BE26923D2
                                                                                                                                                SHA-512:C89CF089F7FEEB80C6DED11F1FCE84287ABE8216A6E05723D1A7FAF567C501C043CD1246FF8DBEE1240D2D79C41B698EF4CC3459589E68E5BFC5BED7FC3A150B
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:{. "name": "MEI Preload", . "icons": {}, . "version": "1.0.7.1652906823", . "manifest_version": 2, . "update_url": "https://clients2.google.com/service/update2/crx", . "description": "Contains preloaded data for Media Engagement".}.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\MEIPreload\preloaded_data.pb

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):8254
                                                                                                                                                Entropy (8bit):6.795641289553097
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:bTOpyeS7AOv6EVp/m3FPKk15jjKVcOmQppXavFbeLfzrLyp:bTOk7AdEugo5jjK+5QppXaBebzrLyp
                                                                                                                                                MD5:D5E4C2634EFF8A9B3FAF432BF406D6D1
                                                                                                                                                SHA1:A691F5C9877079193C1F7DFB16DBC30BB0372EC9
                                                                                                                                                SHA-256:C6070A157B4E28D16FBCCBD233E93846DDB070C85E1A1BC64469B7A5F1424FAD
                                                                                                                                                SHA-512:B264E28AC8F111DF01C553445AADC7BCDB3F32A38A1A19D3F9D458270DFEAF80EFA7144407BD999892022AF9DDE9DBF8A0E19E7212720E1C6511EA9125AFB166
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:..@5..0@...@y@o@.AK@X@.@w.!@.@.@.A.A.@.@B@.@.@.<A.A2A_..6strea.....kpo..anim..^...elo.tele..g....pan..bancidiz...don...Ikor........D...ap.cuem...ukleren.squl......ve..vco.. ....sten.tid..+v........dou...myvrs..=bb.jl..#streamfai..P2...nkk........10...f..R527......p...7............85.231.223....11.90.159.13...movie..w23serie...3tv.co...h...pla...00mg...bstrea..W93.178.172.11...49.56.24.2...........secure...|qo.....routk..nitetv.roge..}map...ndavide..ci.t...view.abc.ne..O...j....lianonlinenetw............r..'oora4liv......8.topgir..33.sogirl..rshow12...ayospor.......mc..s...k......sian..nime.c..n......prof..ba..Mtochk..Zkra..Tg...-....K............@.'..2.vos......m..rig...r.. ......@g..>..........perpl..)...tualpi...gintvgo.virginme...eo...mbox.skyen..@aplay.O.E0B...d....W......portal.jo.._...e...ma..........Lsearch.ya...frida......a..Qhnex..jvarzes..ey...........e....y...d.tv...stfr......l......seigr..U...d...q.....z....serial...r...cuevana..Amovistarplu..a.......f

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\Resources.pri

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3072
                                                                                                                                                Entropy (8bit):3.118957212117411
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:Whs+6rek/gF1A6Gbi+4eTy8iPTUucUITUuqQTUGUQTUsITU6UQTUQITUuUQTU0I0:WWnep/FFLxPoRJo+oGpoBo6po1oupop0
                                                                                                                                                MD5:400817D0A91767CB830767AA94383F31
                                                                                                                                                SHA1:73F36C895190223F94E4D52657F14454B2BCBA44
                                                                                                                                                SHA-256:35D92C86C1C054D1C03F4E58B83681BBFD8573143EE5E4CFB4CBD788A1FFC107
                                                                                                                                                SHA-512:2216DFC65E24961A18A4622FF6D8D8A1330283E64477A0E44BAC5B8F9A4CB5690FC90F598BBC152214EE6AA8770FE6608C4C809EC6F2CC73547D8166603B3E15
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:mrm_pri0........ ...............[mrm_decn_info].............8...[mrm_pridescex].........8...H...[mrm_hschema] .................[mrm_res_map__].............@...[mrm_decn_info].........8.......................................................................................................................................................................................................................................W.H.I.T.E...8.0...1.8.0...1.4.0...1.0.0.............8...[mrm_pridescex].........H...........................................H...[mrm_hschema] ...................................U^........m.s.-.a.p.p.x.:././.O.p.e.r.a./...O.p.e.r.a.....................L.......................F...........A...........O...........1.../.......7...!...................................F.i.l.e.s...A.s.s.e.t.s...O.p.e.r.a.P.R.I.C.o.n.f.i.g...x.m.l...7.0.x.7.0.L.o.g.o...p.n.g...1.5.0.x.1.5.0.L.o.g.o...p.n.g..........................................[mrm_res_map__].........@.......,.......................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\assistant_package

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2973528
                                                                                                                                                Entropy (8bit):7.995948649674358
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:49152:npr0nnDiGZgF23VzfajZEGXGt+TR5P/H2iYyhQivUa6Ta7q1nt89qtTme/dLnUgq:nKnDhZgqajZEqZHXWi7+Tau1ntuiVL9q
                                                                                                                                                MD5:128F7E7285E953D6EA26A318D7A7403A
                                                                                                                                                SHA1:6423142BE97D4719C8A0F775EA73569E233200DF
                                                                                                                                                SHA-256:550C9209EEA87801ECEC9B2435BA7C5BF333DF38BBFFEE4BBCF4CEF2D0F9FCBE
                                                                                                                                                SHA-512:0018FE73D26BB17877F69AEE8D480A3DD51A55C3B3E1904990889314A04D829D87E78381475EDD0BB23597DCB4323FA379A5395342EA9D117750D3E3693059CD
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...'..P.................(...F.......-.......@....@.................................@.-......................................b.......................5-..)...........................................................@..d............................text....&.......(.................. ..`.rdata...5...@...6...*..............@..@.data....)...........`..............@....rsrc................h..............@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P....P.|..Y.nj'.v....u..v..=.BA..6P......P....9^..].v8.^..3......hhDA.P..........P......P..pAA..E..E....;F.r......P.J|..Y.24..j...lAA...t$..D....3.9.H.A.t...@....9D$.t..t$.Ph.....5@.A....BA.3.....D$..`...|$..u..@.....3.....t$..D$..t$...`.A......t$...P.Q..%`.A...D$...V...t...P.Q...^...VW.|$.....t...W.P.....t...P.Q..>.._^....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u..S.\$.V..C;^.tLW3.j.Z...........Q.......3.9F.Y~.9F.~...f..Af..G@;F.|..6....

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\cb3aa22f-8954-4c6a-8828-0b23d4eea54f.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):405802661
                                                                                                                                                Entropy (8bit):7.083358086913577
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:5A0409605B7CD1C21C44D2AC71C71610
                                                                                                                                                SHA1:D08FC7214FE9BCF860DC8ABEA9C7A0049263BFF4
                                                                                                                                                SHA-256:2BE333D303ED3E5FDE88637A5DFA0AF56E5047A7413B7E6B3D372A7DE7C8BEB5
                                                                                                                                                SHA-512:4D2BF9BB50C98F39CE5B4E116D2F73E33090037CC529121D445F66E90527C71D6FBE2C11EBDE36CF5F4AD49EB4500E2751AA273800F93F549458EECA30E3431F
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='107.0.5045.79'.. version='107.0.5045.79'.. type='win32'/>.. <file name='opera_elf.dll'/>..</assembly>...PNG........IHDR.............<.q....LIDATx...1..... ..6.^`...................{........m.m].m.m.m........[s....._.....N.Nw..._w..P...R... ......`........_[.i1...`.$.......C......*..,...v.l.>.ZP.B...E@......!?d..!.d.R......g)0...^H[.u.4.k`....0<.d.1.....0...Q`..I.._T..!...|pG.m=..a&.e.U(...C...n.^`........FB.X...Oio...z!...:.Tx.8;..9.[a........{.~.^......P.].r..d..A...?....<y.v"......l......^..._.....MA.o....?.>u._.d..`......E.@.5........E..................R...A..O}{.k..2.....jx\..5U.a.%."#.nA....6.!..W2.............R..j6r..v...."....N.GA..8.......>..p..#..,X.....Q...y..#.a..)....Q.e.zc\.'@.Al.....io....=......D.......F......A#6.^.^.Ma5...b.b...D...+.P.. .[.o..z....,...#<U.0.O.#..Z..........Q{...jA..ka|}...q.s.y^.!.Gh..R....t.g....F.......g

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\d3dcompiler_47.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4927400
                                                                                                                                                Entropy (8bit):6.402970220950094
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:VCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNh:0G2QCwmHPnog/pzHAo/A6
                                                                                                                                                MD5:DD88837D51ECE6061718CAE0A638BB60
                                                                                                                                                SHA1:02987B303D9F27C7FC8A093C0CCA32112E9ED1B0
                                                                                                                                                SHA-256:AB6FD3AB40931DFD337C5D4D34B95F44A0BDD44D56507D740D97278AB254139F
                                                                                                                                                SHA-512:B2C7F4FEB2D323DEC2455710F6B04EF9642803FEF02936DBE5A09FC00453F8CBE2CE2E93BA2E5CDE537DAF7342BB14D6C0D49D1700AE86C8C2310863E3FB338E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d...^.}`.........." ......8..........<).......................................K.......L...`A........................................`%G.x....(G.P.....J.@.....H.......J..O....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxcompiler.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):21868960
                                                                                                                                                Entropy (8bit):6.5327904051612276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:393216:IkwXSvzEhmbfrZV+m2iG890hvCUD/GVJkshSB:KvN/GVJksAB
                                                                                                                                                MD5:B4B0BB9DC73D5D4B45E35B5CEBB46609
                                                                                                                                                SHA1:6CD3DE6BC604180F7E3BE7F052F0D1BC67ED7605
                                                                                                                                                SHA-256:AA5D6EBC4765063FBA4D02D24D9FC4B5845D5C8F86418EF7B8514B3C05EDA306
                                                                                                                                                SHA-512:44DA8661C4C6368FC046C99916B2109EB763B7D9EDBEA66B1EB70A651C018DEED91C8EE2F3269B10591ECFC082C85D43E6ECA555BEADBD1B83C898ABC1B2CCA5
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." ..........F......M.......................................@N.......M...`A......................................... .p...H. .x.....M.......B.......M..)... M.....DD .8................... B .(.......@...........p. ..............................text............................... ..`.rdata...~;.......;.................@..@.data........@B..n...0B.............@....pdata........B.......B.............@..@.00cfg..8.....L......4L.............@..@.gxfg....0....L..2...6L.............@..@.retplne......L......hL..................tls..........L......jL.............@..._RDATA..\.....M......lL.............@..@.rsrc.........M......nL.............@..@.reloc....... M......rL.............@..B................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\dxil.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1519000
                                                                                                                                                Entropy (8bit):6.516243319485896
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkrT:LCfhbh3v3mtEAQrW41obCraeRhy9ou6p
                                                                                                                                                MD5:044B9B2A5E1CEA24BDEF3A3A81C9B9D6
                                                                                                                                                SHA1:E96670C0681507CC9926CB475AA28A8C9BB7D529
                                                                                                                                                SHA-256:3FAA3A0B1DD6AD2BA2855D6F82376E223B18A51A39159F5923F2AA33668211E4
                                                                                                                                                SHA-512:A1A41B79884A615D226F744960F666BD2991835A796117278C7D8426217F384A127DC6040C04B1F4BB2707B5BB4464C562CED3881A8FDED6C02263C23B358C1F
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@AC.. -.. -.. -.OX).1 -.OX... -.OX(.. -.VU(.. -..R,.. -.. ,.. -.OX$.. -.OX-.. -.OX.. -.. ... -.OX/.. -.Rich. -.................PE..d...'..}.........." ........."...............................................@............`A............................................l...l...P............`..t........O... .......o..p....................o..(....m..@............................................text...\........................... ..`.rdata..F...........................@..@.data....{.......T..................@....pdata..t....`......."..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\files_list

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4186
                                                                                                                                                Entropy (8bit):5.234993793603558
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:t0/Rtp7yTf85XZyITJhowbO7VtiORFnbwU:Gaf85XMbwbOHiORFnbwU
                                                                                                                                                MD5:2DC8E2607CA1F7C321FB559287B7CA22
                                                                                                                                                SHA1:C1C7BF3A567FD2D24C348C3C954FEC3E00F96AEE
                                                                                                                                                SHA-256:269738732DC4756D0955EF9BBA7DE3A4DD025C0A868EE84E3FFC486817F63672
                                                                                                                                                SHA-512:080FD30D024EC21B7E50BBDB2FFD69E7E700B2D923171BFC2E47C77E510D663F5DAAFD702017A61C6D399E17705678E182D5F0BF53505181D864F533EEA22FD1
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:107.0.5045.79.manifest..CUESDK.x64_2017.dll..MEIPreload\manifest.json..MEIPreload\preloaded_data.pb..d3dcompiler_47.dll..dxcompiler.dll..dxil.dll..fonts\Inter-Black.ttf..fonts\Inter-BlackItalic.ttf..fonts\Inter-Bold.ttf..fonts\Inter-BoldItalic.ttf..fonts\Inter-ExtraBold.ttf..fonts\Inter-ExtraBoldItalic.ttf..fonts\Inter-ExtraLight.ttf..fonts\Inter-ExtraLightItalic.ttf..fonts\Inter-Italic.ttf..fonts\Inter-Light.ttf..fonts\Inter-LightItalic.ttf..fonts\Inter-Medium.ttf..fonts\Inter-MediumItalic.ttf..fonts\Inter-Regular.ttf..fonts\Inter-SemiBold.ttf..fonts\Inter-SemiBoldItalic.ttf..fonts\Inter-Thin.ttf..fonts\Inter-ThinItalic.ttf..headless_command_resources.pak..headless_lib_data.pak..headless_lib_strings.pak..icudtl.dat..installer.exe..libEGL.dll..libGLESv2.dll..localization\bg.pak..localization\bn.pak..localization\ca.pak..localization\cs.pak..localization\da.pak..localization\de.pak..localization\el.pak..localization\en-GB.pak..localization\en-US.pak..localization\es-419.pak..localizatio

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\files_list.1711737405.old (copy)

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4186
                                                                                                                                                Entropy (8bit):5.234993793603558
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:t0/Rtp7yTf85XZyITJhowbO7VtiORFnbwU:Gaf85XMbwbOHiORFnbwU
                                                                                                                                                MD5:2DC8E2607CA1F7C321FB559287B7CA22
                                                                                                                                                SHA1:C1C7BF3A567FD2D24C348C3C954FEC3E00F96AEE
                                                                                                                                                SHA-256:269738732DC4756D0955EF9BBA7DE3A4DD025C0A868EE84E3FFC486817F63672
                                                                                                                                                SHA-512:080FD30D024EC21B7E50BBDB2FFD69E7E700B2D923171BFC2E47C77E510D663F5DAAFD702017A61C6D399E17705678E182D5F0BF53505181D864F533EEA22FD1
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:107.0.5045.79.manifest..CUESDK.x64_2017.dll..MEIPreload\manifest.json..MEIPreload\preloaded_data.pb..d3dcompiler_47.dll..dxcompiler.dll..dxil.dll..fonts\Inter-Black.ttf..fonts\Inter-BlackItalic.ttf..fonts\Inter-Bold.ttf..fonts\Inter-BoldItalic.ttf..fonts\Inter-ExtraBold.ttf..fonts\Inter-ExtraBoldItalic.ttf..fonts\Inter-ExtraLight.ttf..fonts\Inter-ExtraLightItalic.ttf..fonts\Inter-Italic.ttf..fonts\Inter-Light.ttf..fonts\Inter-LightItalic.ttf..fonts\Inter-Medium.ttf..fonts\Inter-MediumItalic.ttf..fonts\Inter-Regular.ttf..fonts\Inter-SemiBold.ttf..fonts\Inter-SemiBoldItalic.ttf..fonts\Inter-Thin.ttf..fonts\Inter-ThinItalic.ttf..headless_command_resources.pak..headless_lib_data.pak..headless_lib_strings.pak..icudtl.dat..installer.exe..libEGL.dll..libGLESv2.dll..localization\bg.pak..localization\bn.pak..localization\ca.pak..localization\cs.pak..localization\da.pak..localization\de.pak..localization\el.pak..localization\en-GB.pak..localization\en-US.pak..localization\es-419.pak..localizatio

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-Black.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter BlackRegular4.000;git-a52131595;RSMS;Inter-BlackIn
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):414140
                                                                                                                                                Entropy (8bit):6.13273327924002
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:s3unFMi82w/+qnJWPziKSQSzzY6XqYQ0rBfmPbPGxGl36DNoAmFFhGj3k4yhP18:s3uV82wWqsPziK4zbBOPb96DNAV8
                                                                                                                                                MD5:4154321279162CEAC54088ECA13D3E59
                                                                                                                                                SHA1:5E5D8C866C2A7ABFD14A12DF505C4C419A2A56F7
                                                                                                                                                SHA-256:6BDEBEB76083E187C7AE59420BFC24E851EDB572E1A8D97C1C37B7B2DC26148C
                                                                                                                                                SHA-512:04CA175774CBE3F2D83543C01CC388E2715AB7B1378143DB41BACDC7E7EDDF05D3BEEF476F6ACBE7DDEB34861984EFB5FD7F299EC1820697C440B372D258AEE7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEF.m.v........GPOS<.,... ..@.GSUB..B..F...]@OS/2 .....\...`cmapL.........d.cvt P.....A....&fpgmb/....B.....gasp......A.....glyf.3.J......U.head0%.a..^T...6hhea......^....$hmtxE.)...^...-.loca.;w....h..-.maxp.t.....$... name.i-....D....post}.........xprepldhL..P..............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-BlackItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter BlackItalic4.000;git-a52131595;RSMS;Inter-BlackIta
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):422324
                                                                                                                                                Entropy (8bit):6.159556140030877
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:PtBc7UQ0dNXWqSBQVUWrqIWqH70TVMYydoAF4N0ELhwnftLu+hNHzFxo5spvD3+p:Pt2+dRWqgVrwYygLhwnfhjh9fZ78
                                                                                                                                                MD5:C5C41F7587F272A4C43A265D0286F7BB
                                                                                                                                                SHA1:916224C963D04B93ED54CE7C201108F398E7E159
                                                                                                                                                SHA-256:D549110689CDDE0821CA2C7148F7B47A097166B4169786A4A9EDE675F5CE87F3
                                                                                                                                                SHA-512:D4B4D01088D9F506368DC19D709B4BA6BE764929B0DD05775841E14CBBEC674F216B81515AE529E95ABFD22ED2F3E2D2774363DD4284C8C8B57D203599555F76
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEFj.`i........GPOS2-........?4GSUB*|.@..D<..[.OS/2 .B...,...`cmap^.........d.cvt O._..a....&fpgmb/....b.....gasp......a|....glyf5.........|.head0;.`...4...6hhea.......l...$hmtx..4.......-$loca.........-(maxp.D......... name!.,.........postz.........}.prepldhL..p..............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-Bold.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 35 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterBold4.000;git-a52131595;RSMS;Inter-BoldInter BoldVe
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):415072
                                                                                                                                                Entropy (8bit):6.167283324857092
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:k9zC2w597PziK+bSvkK3sgUN8HkC48AeIVMhQ/8:e4iK+6I/8
                                                                                                                                                MD5:8F2869A84AD71F156A17BB66611EBE22
                                                                                                                                                SHA1:0325B9B3992FA2FDC9C715730A33135696C68A39
                                                                                                                                                SHA-256:0CB1BC1335372D9E3A0CF6F5311C7CCE87AF90D2A777FDEEC18BE605A2A70BC1
                                                                                                                                                SHA-512:3D4315D591DCF7609C15B3E32BCC234659FCDBE4BE24AEF5DBA4AD248AD42FD9AB082250244F99DC801EC21575B7400AACE50A1E8834D5C33404E76A0CAAC834
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEF.m.v........GPOS\.N.... ..KhGSUB..B..P...]@OS/2 ..........`cmapL......(..d.cvt L.....E0...&fpgmb/....FX....gasp......E(....glyf(.........OXhead0|...bh...6hhea. ....b....$hmtxDt....b...-.loca.0.....|..-.maxp.t.....8... name.D.....X...Vpost}~.......xprepldhL..Td.............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-BoldItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 34 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterBold Italic4.000;git-a52131595;RSMS;Inter-BoldItali
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):420068
                                                                                                                                                Entropy (8bit):6.194498558176303
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:xg28OmWqgaGeWLF7k/oONd1P+yyZQl/xFiwRi98:SZG17k/oOX1PXyqCwRi98
                                                                                                                                                MD5:C4C47E3D7ED51A6BB67B7B8088A4B0E3
                                                                                                                                                SHA1:B190F4E4E8F838C46FFE9507D966EA4D8B37D8CE
                                                                                                                                                SHA-256:5E606F805A71432D4875DE7DAB737BF9DEA1187090F0A5190DA9B1BBAB09F57C
                                                                                                                                                SHA-512:B4251618479C52398CA71CFC61AD88230A14145771EF1085AB9288486D7BFC841F0EA222909F8BA6882DB6076DF26BFE37E1C23917569270C86D6E7ADEE7CF13
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEFj.`i........GPOSU..F......IFGSUB*|.@..NP..[.OS/2 ......@...`cmap^.........d.cvt L.....X....&fpgmb/....Y.....gasp......X.....glyf.L.K...0..i.head0....x....6hhea......y....$hmtx...T..y<..-$loca..OH...`..-(maxp.D........ name..........bpostz.........}.prepldhL..g..............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-ExtraBold.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraBoldRegular4.000;git-a52131595;RSMS;Inter-Ext
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):416228
                                                                                                                                                Entropy (8bit):6.155971405270021
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:3VpTx/VCC2wfBsJWPziKSQVE58IqsfnHGR4tGX5/2nHTAl84RSnj3k4yhT18:3Vp+C2wfBDPziK+4suO49lfR98
                                                                                                                                                MD5:5061BD7701B1B3339F0C80E69A2136E4
                                                                                                                                                SHA1:4A028F1FA4DBD6B4BFBFEEC4A5B5E222A005B563
                                                                                                                                                SHA-256:3C13487B8F2EBA0A78CAD4CEFD19272B0F4E53D61C223E6B266DDF0B332E9F1C
                                                                                                                                                SHA-512:65875F9F205CD70D2E1B86FBDA2AC8875637E0B3E0BB37ADE9DA20717B0F17D2108A0CF2AA1B246AFFD73BEA233B510D37D13193801D94E5148D3EC4159653DC
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEF.m.v........GPOSB...... ..KzGSUB..B..P...]@OS/2 |.........`cmapL......<..d.cvt NY....I....&fpgmb/....J.....gasp......I.....glyf.B....$..S(head0R...fL...6hhea...X..f....$hmtx:4.7..f...-.loca.>b....`..-.maxp.t......... name(.2X...<....post}.....4...xprepldhL..X..............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-ExtraBoldItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraBoldItalic4.000;git-a52131595;RSMS;Inter-Extr
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):422904
                                                                                                                                                Entropy (8bit):6.1847822896243585
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:EMPffL+f3H4g6WqgDVHqLhDj+359q7z8O8:1khq9Dj+3vrO8
                                                                                                                                                MD5:CDEF819CDB20F81FEB8A2ABDEBE9CDA0
                                                                                                                                                SHA1:EB61A79464DE3932A2D892BF50AD0270BE5791E2
                                                                                                                                                SHA-256:6A2CF89B061033C76C3CD7451113F3D8D29CE2C2E80B273FD60F9474E3927CBC
                                                                                                                                                SHA-512:04DE3B444603887E130870DC9FFF2F6798D737EA77A376C0A6D62C9114709F7891C95FA1BDDAB70FF055EBF127C6584CAECC594659F2E8596E72DA9D62D625E5
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEFj.`i........GPOS..\>......I(GSUB*|.@..N0..[.OS/2 }..... ...`cmap^.........d.cvt N:....c....&fpgmb/....d.....gasp......c.....glyf..........t8head0h....H...6hhea...x.......$hmtx.)........-$loca..MD......-(maxp.D......... name+i1.........postz...... ..}.prepldhL..r..............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-ExtraLight.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraLightRegular4.000;git-a52131595;RSMS;Inter-Ex
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):409996
                                                                                                                                                Entropy (8bit):6.169466966393304
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:XmzU22mZrPziKScOkpPSb+sv9wKKpuLpuSZAoM8:yiKcFyKK9SZ7M8
                                                                                                                                                MD5:B7E44012C53F3BCBF154C7C4784FCC14
                                                                                                                                                SHA1:101ABFE1C234D9E29504A55C7B5911F7E20E9425
                                                                                                                                                SHA-256:944F65A7C6CDA135C370559E9D7347BFDD45A579FE4DD1EF8BA5BC679BCD961D
                                                                                                                                                SHA-512:67808D6BDAFE9BCF5576DF234C93611BC827D868DD9F0D064E801DDA5EFE67883637746458B3A0E51B4B394913C3AC47F56C5C055B3FF013ABEBB66EC9A7716F
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEF.m.v........GPOS{...... ..<^GSUB..B..A...]@OS/2.$.........`cmapL...... ..d.cvt D.....1\...&fpgmb/....2.....gasp......1T....glyf.I........I.head1....M....6hhea......N ...$hmtx......ND..-.loca.M.x..{...-.maxp.t......... name+.3.........post}F.........xprepldhL..@..............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-ExtraLightItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ExtraLightItalic4.000;git-a52131595;RSMS;Inter-Ext
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):415636
                                                                                                                                                Entropy (8bit):6.1951511440882685
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:327hgoK+yjo8AiWXWqSBCVUWR2kg4yODRVP8UPLumxDaAan+LHvKLMQyaInxFfmo:323K+tiqWqg3FkgdW3xDayLi78
                                                                                                                                                MD5:9E18D79ED628E74CA5E2EE3BFD6446BD
                                                                                                                                                SHA1:BF763C5CC7C91BFEC5E8E42499CA20AEF4C8B942
                                                                                                                                                SHA-256:BB5488DEFD018CF6CEA85B431A40991F0AB8939C39025E835E809160DCD912A6
                                                                                                                                                SHA-512:35A128E169D7CBC551C0337D78996E2061F8165E1B61870634A1EE6715199507F5FA140177C8A821401EAA765FC16FCC73E0180A21004803F6FC69EF512737F3
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEFj.`i........GPOS>.uG......:.GSUB*|.@..?...[.OS/2.%.........`cmap^......D..d.cvt D.....Gd...&fpgmb/....H.....gasp......G\....glyf*#:]......f.head1....f....6hhea.w....g....$hmtxe2.{..g4..-$loca...d...X..-(maxp.D......... name-.3z........postz[.<.....}.prepldhL..V..............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-Italic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 34 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterItalic4.000;git-a52131595;RSMS;Inter-ItalicInter It
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):412848
                                                                                                                                                Entropy (8bit):6.2017904291058406
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:C2vSKsOi+1iqWqgfYs0S2S7vWAlcBJPH8:1PqIS2S7v3lcB98
                                                                                                                                                MD5:118ABBE34A2979B66D6838805C56B7CD
                                                                                                                                                SHA1:7F320CB81660FC6DFF9CC5751F8FCC0134847C77
                                                                                                                                                SHA-256:D054D998AE12BE33820B100E0ED3923D513FA5C79C6D4E7CA1953AFEB262EA9B
                                                                                                                                                SHA-512:5BCAD4A03CED2CE76C5EBF78CD2C1328A4EE27019807F56A48BF8A0F936C57F351F10726C176952F0CF08776A5CE53D34C14D6A848925BE2789408A61678F381
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEFj.`i........GPOS.}.......7.GSUB*|.@..<...[.OS/2.........`cmap^.........d.cvt H.6..<....&fpgmb/....=.....gasp......<x....glyf........._Lhead0..i..\....6hhea.?....]....$hmtxF)...],..-$loca.k6....P..-(maxp.D.....x... name...........>postzz.{......}.prepldhL..K..............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-Light.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter LightRegular4.000;git-a52131595;RSMS;Inter-LightIn
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):408364
                                                                                                                                                Entropy (8bit):6.1740190502785195
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:oeroPfXwF22mZ8JWPziKSQYfW0LXYveHt+47O3YqF5nxeU2h8jjXVymj3k4yhb18:ovw22mZzPziKYW0jYves4I2n8
                                                                                                                                                MD5:FF5FDC6F42C720A3EBD7B60F6D605888
                                                                                                                                                SHA1:460C18DDF24846E3D8792D440FD9A750503AEF1B
                                                                                                                                                SHA-256:1936D24CB0F4CE7006E08C6EF4243D2E42A7B45F2249F8FE54D92F76A317DFD1
                                                                                                                                                SHA-512:D3D333B1627D597C83A321A3DACA38DF63EA0F7CAB716006935905B8170379EC2AAB26CB7FFC7B539CA272CF7FB7937198AEE6DB3411077BEDF3D2B920D078A3
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEF.m.v........GPOS,F.P... ..=<GSUB..B..B\..]@OS/2...2.......`cmapL.........d.cvt F..,..*....&fpgmb/....,$....gasp......*.....glyf:;........B.head0....G....6hhea......G....$hmtx..Zi..H ..-.loca.&9...u...-.maxp.t......... name..-.........post}U.7...|...xprepldhL..:0.............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-LightItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter LightItalic4.000;git-a52131595;RSMS;Inter-LightIta
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):415024
                                                                                                                                                Entropy (8bit):6.199271793956543
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:BgWQyjI8Ai+XWqSBxVUW+EuzZKKH+XgoniJ2D5L2kZSVbnN90oGPP3+4yCT18:BgWQtiiWqgsR3n+XgZJ2xqu58
                                                                                                                                                MD5:4B1FFAD3C0075AF22674765FF1EE2F56
                                                                                                                                                SHA1:1F7B05D0ED1C6C15736115A59AD844ADEA5F1F66
                                                                                                                                                SHA-256:FE3714926082AC5764327E3B67AE52CB6F0CF6B8C4221C064A6CACF821079414
                                                                                                                                                SHA-512:427DB3FE5860676FAB65A9B895D205620A1EC0AA172F45AA9ECEF261820E25B84F3413BC5D0A9D0C1311422A8DA1F5706AC4F6211A60AACC82974CF00FF036A4
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEFj.`i........GPOS...C......;\GSUB*|.@..@d..[.OS/2...S...T...`cmap^.........d.cvt F..$..E....&fpgmb/....F(....gasp......D.....glyf..t....D..clhead1 ...d....6hhea.i....d....$hmtxU.b...e...-$loca.......0..-(maxp.D.....X... name!A-....x....postzj.\...X..}.prepldhL..T4.............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-Medium.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter MediumRegular4.000;git-a52131595;RSMS;Inter-Medium
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):411500
                                                                                                                                                Entropy (8bit):6.179950752404769
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:D0RV3jlWkDOh9oC2wuhsJWPziKSQlRiFy34YmkCD9oI0+msvMlwt5BO2x28YzWDQ:D9SxC2wuhDPziK2yIYmkCCIPmsHI8F8
                                                                                                                                                MD5:A473E623AF12065B4B9CB8DB4068FB9C
                                                                                                                                                SHA1:126D31D9FBB0D742763C266A1C2ACE71B106E34A
                                                                                                                                                SHA-256:1BDA81124D6AE26ED16A7201E2BD93766AF5A3B14FAF79EEA14D191EBBD41146
                                                                                                                                                SHA-512:1FBC2841783140FE54F3AB1FA84E1DED2534BCEC3549ADE2F513491B32178DF515BD63A0A4A2C35017A6850FF9C3A24F8602357D912ACF8CA92B8D68BA846D3A
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:............GDEF.m.v........GPOS@@..... ..J.GSUB..B..O...]@OS/2.P.........`cmapL......d..d.cvt J"....7<...&fpgmb/....8d....gasp......74....glyf......L..A.head0....S....6hhea.c....T0...$hmtx......TT..-.loca..........-.maxp.t......... name ./.........post}m.g.......xprepldhL..Fp.............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-MediumItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter MediumItalic4.000;git-a52131595;RSMS;Inter-MediumI
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):417780
                                                                                                                                                Entropy (8bit):6.206431815755074
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:/DRFemw/pjVeXWqSBpVUW8KOA8HiQ109P0GJrMfsVwGSkSdnMgVIwZp3+4yCr18:/DKmChCWqgkJKy6zMfsdUDv8
                                                                                                                                                MD5:9A21378C7E8B26BC0C894402BFD5108C
                                                                                                                                                SHA1:72BD9F3CA75CA691CE86FE1EBBDB269F5F737BAE
                                                                                                                                                SHA-256:0D34F9588400A586B774BE97E66AE8C076A8807B8455DF0587B39D2A4A1A3B42
                                                                                                                                                SHA-512:4A9D23A01F1A7474E0339D4D8B151D0269BFAF7D9E13FF6AA34D7F929002E8FF185F273E6F7AFD2D40DF3E0630A962DC7767D870DCF1766F3E04B8029A7B452E
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:............GDEFj.`i........GPOSNc........H2GSUB*|.@..M<..[.OS/2.Q.....,...`cmap^.........d.cvt J..}..O....&fpgmb/....P.....gasp......O.....glyf...Y......aLhead0....oh...6hhea......o....$hmtx......o...-$loca.l........-(maxp.D......... name#..y...0....postz.........}.prepldhL..^..............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-Regular.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 35 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInterRegular4.000;git-a52131595;RSMS;Inter-RegularInter
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):407056
                                                                                                                                                Entropy (8bit):6.1736927573676335
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:sSnv4lXwF22mZ8JWPziKSQUmeKGVOOxAdgwH9evDFDynor51EOO2UAGbzxSr1w7b:sSvJ22mZzPziKwLOOkvH9IQoUf7P08
                                                                                                                                                MD5:FDB50E0D48CDCF775FA1AC0DC3C33BD4
                                                                                                                                                SHA1:5C95E5D66572AECA303512BA41A8DDE0CEA92C80
                                                                                                                                                SHA-256:64F8BE6E55C37E32EF03DA99714BF3AA58B8F2099BFE4F759A7578E3B8291123
                                                                                                                                                SHA-512:20CE8100C96058D4E64A12D0817B7CE638CEC9F5D03651320EB6B9C3F47EE289CCC695BD3B5B6BF8E0867CDAB0EBB6E8CAE77DF054E185828A6A13F3733EDE53
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:............GDEF.m.v........GPOS,ta.... ..9.GSUB..B..>...]@OS/2..g.......`cmapL......p..d.cvt H.H..%....&fpgmb/....'.....gasp......%.....glyf..L...X..A.head0..j..C....6hhea...]..C8...$hmtx......C\..-.loca...X..q...-.maxp.t......... name...V.......npost}e.V...`...xprepldhL..5..............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-SemiBold.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter SemiBoldRegular4.000;git-a52131595;RSMS;Inter-Semi
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):413976
                                                                                                                                                Entropy (8bit):6.169175161562876
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:SMPc0C2wQtzPziKFfAi2bNru42U5CB1c8:5hiK9AiENr/2UYc8
                                                                                                                                                MD5:4D24F378E7F8656A5BCCB128265A6C3D
                                                                                                                                                SHA1:D48310D2F04C57AF1BCE0851E053BE7B58B25DCA
                                                                                                                                                SHA-256:0DC98E8AA59585394880F25AB89E6D915AD5134522E961B046CA51FAD3A18255
                                                                                                                                                SHA-512:38B18D9786046633E4992308C88F11CA5CED325F805EB29B3000533459E85DFB6CD87655F1E285AF8DA22AC04722AB354DBDA24667297B56CCA824EF227373F1
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:............GDEF.m.v........GPOSd]..... ..KPGSUB..B..Pp..]@OS/2...........`cmapL.........d.cvt Kt....@....&fpgmb/....B.....gasp......@.....glyf.8........J.head0....]....6hhea.A.h..]....$hmtx{xJ...]...-.loca.!R.......-.maxp.t.....\... name%.1....|....post}v.w...h...xprepldhL..P..............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-SemiBoldItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter SemiBoldItalic4.000;git-a52131595;RSMS;Inter-SemiB
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):418520
                                                                                                                                                Entropy (8bit):6.2010032658690255
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:0UW00H2WqgwJA65hgQ0Yp9nyu8qIzoGS9U8:FWwJAuGQ0Yp9n5szrIU8
                                                                                                                                                MD5:04551623D1023398FD3DA941E920D727
                                                                                                                                                SHA1:92789CCC0D76C04D86685F9F0529731D2DC38852
                                                                                                                                                SHA-256:1E1289453D7A895CFB73569D4851634C8B0E49D150C4DD52D44BF5D206908272
                                                                                                                                                SHA-512:8017346110AEE84614FC0D9A9B39505F042E23659BE367C8A84301DC6E41C3DD93A464E88DCDF06F10B3B3AC85E975BC69EB464ED4CD784309564836289D412C
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:............GDEFj.`i........GPOS..j......I:GSUB*|.@..ND..[.OS/2.......4...`cmap^.........d.cvt K_....R....&fpgmb/....S.....gasp......R.....glyf.......$..c.head0....r4...6hhea......rl...$hmtx..Q...r...-$loca.n........-(maxp.D......... name(u0.........postz.........}.prepldhL..a..............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-Thin.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ThinRegular4.000;git-a52131595;RSMS;Inter-ThinInte
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):403404
                                                                                                                                                Entropy (8bit):6.15775244572357
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:FZbewyXwv22mZ8JWPziKSQQQbdiJNnL1qIPQyC4JRPeQQFgppInr/qwAWJBIF072:FZCU22mZzPziKPd6PQgcgpa/nMF07J8
                                                                                                                                                MD5:B97F16379B4C106616F60F702733F5C6
                                                                                                                                                SHA1:85C472FB9A7F256643BC4BBA10F158DFAA1D1E8B
                                                                                                                                                SHA-256:4C392DCC8AD916F0F9DF7559AB5563B01DD94F9F3B2DB34617FE392E00060339
                                                                                                                                                SHA-512:D124AF2C705B97CBB307497F88C47A5F7D320174D48626EA14AC27D42BCF8016F32810CF7ECB6AF1261297B8C331A6EA89E2E35C3E2536390D8D6E500ED8D61E
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:............GDEF.m.v........GPOS...... ..6.GSUB..B..;...]@OS/2..........`cmapL......L..d.cvt B..........&fpgmb/..........gasp............glyf5?.$...4..6<head1..i..4p...6hhea...-..4....$hmtx..6Y..4...-.loca......b...-.maxp.t.....@... name..,z...`....post}6.........xprepldhL..&..............................................................I...K...........................................J...L.Z...].f...i.w...z.|...~.................................................(...*.,.../.0...2.5...8.;...=.N...P.P...R.V...X.q...s.s...u.v...x.y...{........................................................................................... ...).).........0.3...5.5...:.:...<.?...A.C...K.K...M.M...Q.Q...S.T...[.[...].]...j.k...p.q...............%.%...).D...G.I...U.V...Z.b...d.u...x.z.......................................................................................P.P...i.............................................................`...c.............................................................!...#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\fonts\Inter-ThinItalic.ttf

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 38 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter ThinItalic4.000;git-a52131595;RSMS;Inter-ThinItali
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):410232
                                                                                                                                                Entropy (8bit):6.191384356621797
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:nm0XOI8wiWXWqSBNVUWI9Wd4EZDSwKBUMimozkhBiv98svLAYP0wJShe3+4yCL18:nm1GiqWqgwbMd4EZDDpmokGllkYMdQ8
                                                                                                                                                MD5:12EC66B825B504D752E8C333BF81DACF
                                                                                                                                                SHA1:56896D3E6011466B7E6631C714C57E20EE8366D9
                                                                                                                                                SHA-256:5FC09AF94A447FAE6F82C00F15DFAEF9EAE7C560E6CBE46D3E84524019A574AA
                                                                                                                                                SHA-512:8CB838589AC4F9819B7E2204517445DF94663D3217297212973E8B2D9FECE162155130DDC783E7E89EF2832D38BACE731B2AE3B73AFF36AD782C707813BC52B4
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:............GDEFj.`i........GPOS.n.t......6RGSUB*|.@..;\..[.OS/2.......L...`cmap^.........d.cvt B.....2H...&fpgmb/....3p....gasp......2@....glyf.,....<..U.head1<.h..R....6hhea..._..R<...$hmtxt.<...R`..-$loca.?w.......-(maxp.D......... name..+.........postzK........}.prepldhL..A|.............................................................*...,.....................................;...>.H...J.X...[.]..._.`...b.y...{............................................................./...1.1...3.7...9.R...T.T...V.W...Y.Z...\.c...e.|...~............................................................................................................. ...".$...,.,.........2.2...4.5...<.<...>.>...K.L...Q.R.......................%...(.*...6.7...;.C...E.V...Y.[...g.h...m.n...q.s...........................................................................1.1...J.d...f.g...n.n...p.p.........................................A...D....................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\headless_command_resources.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2889
                                                                                                                                                Entropy (8bit):7.9306579237637775
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:IGAlAoYphRTc/LR6nfEGlsX+bW+eeyYsO5EtDF3a8MnXULZACcb/+0TKw8uYsyKF:EcphRItAs43bW+ee6OiFMXqnoLT0NYis
                                                                                                                                                MD5:1F9CCBBBFC1E065FCE62137DAB8630B3
                                                                                                                                                SHA1:D653C3F32C11155B9F0B7DA1B7FAD78F4D3A22F9
                                                                                                                                                SHA-256:27B61CF817E6274437C8F9D22E03F05F3D78DB32A29D0DE7E0C39E642E78EF3F
                                                                                                                                                SHA-512:D37972843971A0D2BB1B06B8D059323E35CE449CCD89F08A8A87E938781430CC6DBFFB5FFB5500FE530B544118769F5378B8343CFE135B7AD640525A16B1E045
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.............m.....m......I.............-.1k.0.....Kv....h........."=G*.^....Uqo9...R..1g.w..mqv..e.~.x...,+..[.<.8/...!..........6C..tTR.@..P.Xq....-_#O.........4`.P......|...J.5........~.8.6...p.:..l.].l.Y._EY...................N.H....H...4&.>...%@.F.P..V......].r.........6!.(mW....)..#.nh.X2......j....U...-..v....#R"..:.......^.d.i..t.A.z;?.....r...[f..Y.n1.T..)P..:Fg.G'..'..j...6.8:.<.+.0...Y..%....s.1...8.+HH.......c..:D/....w].h...;t..q..........4.)f=m...i....\...y_..3.0.....|fH...........%.0V.n...6c.......W.W...Dj...O.30....i.....8.....H..J.o.P.)2U.BC!M5..X.T...$.-..R...8C..j... . .fb9...Aa.....X.....v,.._4c.k..qJ.... .4Z^.*pe..@..g.]9..x..........n"......n..v!.'..[.. _4.^...YS.vS@-%..6!..r..4.1P....!.......5<......)....0.....B:.G,="..M..y..8".......q1C@7[u.tn......#...UE.o..P$...f.I."....f6...1.e.8..+B.N..Q. ..fQ...<$.)........D....kQ..m...K(.........sZ)...6-.C..<<DQ.n1...4..L/c+_.......Kr4.....Q:H....H=...-._>A..."h.(.....@.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\headless_lib_data.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1028288
                                                                                                                                                Entropy (8bit):7.978101123188429
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:3SHKqVVG7/dOMJlcFDAh1y+cBtoO0TOxuGtY1waxNU:CHKyG7/dR2ZpHBKOxA1C
                                                                                                                                                MD5:03F57C15087DB4F21D3F1CA51A2D26D3
                                                                                                                                                SHA1:74F44C7870F87CA82B670D8EE3B4F891D6390F3D
                                                                                                                                                SHA-256:281152795AC7FF1993729468D45EED78B724F886AFAD24528DE2EED240A66C4F
                                                                                                                                                SHA-512:FD728E9A8E988F01AF5999AC165CD0745A1F605F217D81FFE7A338FC0EDA60C8D76E572E6945DB16409D355085C7EC00F341DAA032C4204EFC789E169F129BB8
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........u...f.0...........C..................)....%...............<.................4...........-.......................w....n.....n.....nZ....n.....n,....n.....n.....n.....n.....n.....n....n....n6....n\....n.....n.....n.....n.....n(....n]....n.o...n,....n}....n....n.....n....n....n....n.....n.....n[....pR....p.....p.....p.....q.....r.....r9....r.....r.....r.....r.....r.....r.....r.....rX....r.....r.....rX....r.....r.....r.!...r #...ra%...rK&...r_*...r.0...r.6...r.6...rs;...r$>...rH?...r.@...r.A...r.B...r.D...rkK...r.L...rKP...r9\...r.^...r.j...r....r.....s.....s.....s\....s.....s&....sR....s.....s.....s.....s.....s.*...s.+...sx;...s.u...s2v...s.w...s.x...s.y...s.z...s0{...s.... s.....}.....}.....}.....}&....}.....}w....}^....}H....}=....}.....}.....}.....}.....}v....}P....}%....}.....}.....}w....}.....}U....}.....}.....}.....}.....}K....}.....}.....}U....})....}.....}.....} ....}.....}.....}W....}.....}.....}_....}.....}.....}.....}.....}?....}.....}.....}.....}K....}H....}..

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\headless_lib_strings.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3148964
                                                                                                                                                Entropy (8bit):7.9797214008707
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:gubH3aVcrwso1yyrwz3yCo7X6sFiSMLbivc8qJKIRQ/u8SDEIHjcW/99w:gubH3aGRogyrwry9w9L2UYI2mB6
                                                                                                                                                MD5:A2A88F134B6A41245A7FD6881F2BFDA6
                                                                                                                                                SHA1:C55C6DA16E04AF692D39587C5F11BED31BF1EA07
                                                                                                                                                SHA-256:6F74802AF7F9F435D8853AA2131131751DE19FE7FFE91AFC7E203543D4E718C5
                                                                                                                                                SHA-512:D7BE69FCDFFD56FBFCC0C208AE5EA8A19FACF2E3A5AA1896A49155221A38D74A3C4441BDFDA9901FEEEBBE0B4231DF4D6B0DEE999D9D7F41858B5C3FD35EC071
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........b.}...Rn...._n....qn.....n.....n.....o....fo.....o.....o.....p....dp.....p.....p.....q....dq.....q.....q.....r....Zr.....r.....r.....r..../s....Xs....fs.....s.....s.....t....&t....wt.....t.....t.....t....Vu.....u.....u.....u....Hv.....v.....v.....v....$w....kw.....w.....w.....w....:x....fx....qx.....x....:y....|y.....y.....y.....z....!z....0z....nz.....z.....z.....z.....{....Q{....r{....~{.....{....&|....X|....k|.....|.....}..../}....;}.....}.....}.....}.....}....E~.....~.....~.....~..........J.....s.....~...........9.....w......................<.....R............................\......................,.....s......................J.....e.....t................=.....M................*.....B.................\.....j..........&.....].....z................H.....W............................i......................X...........................................................................$...../.....3.....:.....D.....l.....w..............................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\icudtl.dat

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):10750576
                                                                                                                                                Entropy (8bit):6.281341985010261
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:196608:oQPBhORiuQwCliXUxbblHa93Whli6ZU6WOH:oMwkDliXUxbblHa93Whli6ZkI
                                                                                                                                                MD5:5784C2B7CA4736D45F771838D3DDA6E2
                                                                                                                                                SHA1:82A1CD2E1221044773ADDF27A32575DF6C06ADF1
                                                                                                                                                SHA-256:3A04D42D8C3149F2FC9350A16BDF2354FDDA46D68E3BA1ACE727E6DA2D98D17B
                                                                                                                                                SHA-512:5E465A22EA41658A9A910FDBCE276E805A2D6FD4D042750E96F3AB95A5C92C5EEAA76A160F745AA66B44AB8EB3FCC37FCFE5907AE19E16EE2FBB2C10CB82104B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html ......F......,F...0..?F...1..RF...1..bF...9..uF...9...F...j...F..0k...F...k...F.......F.......F..0....F.......G......G......+G......>G..`...QG......dG..p...wG......G.......G.......G.. ....G.......G..@....G..0....G.......H..@..."H......5H......HH......[H.. ...nH.......H.......H..0....H.......H..@....H.......H.......H..@....I.......I......%I..0...8I......MI......eI..@...zI.......I.......I..0....I.......I.......I..0....I.......I.......J...3..$J..`3..7J...3..GJ...g..ZJ...h..mJ..Pk..}J...k...J...k...J...M...J.......J...$'..J...0'..K..01'.+K.. 8'.EK..p8'.\K...@'.sK...A'..K..@F'..K...H'..K.. K'..K...X'..K....(..L....(.$L....).=L....).\L...Y*.~L....*..L.. -+..L....+..L....+..M...W,.7M..@.,.NM..0.,.lM....,..M....,..M....,..M....-..M..`g-..M...h-..N...T/..N.. ./.>N..p.0.UN....0.qN....0..N....0..N..P.0..N....0..N.. /0..N..p/0..N.../0..N...[0..O..@\0.$O..

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):6949792
                                                                                                                                                Entropy (8bit):6.814706947908496
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:+g3JY5poHR/dVh6txfG1loZO4FSrn2vTjg:L3JY5pmR/sfGzoZ1Fs2I
                                                                                                                                                MD5:21AD4599ABD2E158DB5128F32D3CC4EE
                                                                                                                                                SHA1:64B4A4E84AB7E68BAD798643162B88CA4678338B
                                                                                                                                                SHA-256:F7CB5A7A18FE1102A2F591B6AD7B79C68C972742DE2F34691771C1E9BA6BD82D
                                                                                                                                                SHA-512:52F5F1B39F4887BA4EC31593F4392D0F8381CDBBD233A22CA2A326F34DFF446477334ED7D8F4C9DBD3462D60BB7021C52F4CE9920530BD7AE21C40BCFAEEBC17
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."...........d................@.............................pj.......j...`.....................................................P.........b......;....i..)...`j.(...|...8...................`...(.......@............................................text............................... ..`.rdata...d.......f..................@..@.data...PJ....... ...h..............@....pdata...;.......<..................@..@.00cfg..8...........................@..@.gxfg...P&... ...(..................@..@.retplne.....P...........................tls.........`......................@..._RDATA..\....p......................@..@.rsrc.....b.......b.................@..@.reloc..(....`j.......i.............@..B................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer_helper_64.exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):616864
                                                                                                                                                Entropy (8bit):6.224717035550476
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:N+AWKhweCwL/Xn5lKDdbJRgbOmAR7/XvNk1I/KY2Oiul8ohseUWdZT:N+AwwLvnPKDdYgRLvi1IJt8oudWdZT
                                                                                                                                                MD5:298D95DFE54364E5D864916D8B42B57B
                                                                                                                                                SHA1:9714235D3D26B46B35CE1F7FFEBC4D280591BB52
                                                                                                                                                SHA-256:03D73AF7132EB077586ECA4E0E6AF7BC60A04A01D241A3960093C290E302E73F
                                                                                                                                                SHA-512:629CAE4CF987EA91DA82B5CEE7AFED55B3D7FDA71ECBB12614FE4B3211B1F4B3321AE596D5F5C8A9A2C611320181ADED7A50690A6E5875DC73E5977C7FE64AD5
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."......(...........x.........@..........................................`..................................................a..x.......P.......0E...@...)...........Z..8...................pY..(....A..@...........`f...............................text....&.......(.................. ..`.rdata..\....@.......,..............@..@.data...............................@....pdata..0E.......F..................@..@.00cfg..8...........................@..@.gxfg...p$... ...&..................@..@.retplne.....P.......(...................tls....1....`.......*..............@..._RDATA..\....p.......,..............@..@.rsrc...P...........................@..@.reloc...............2..............@..B................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2304416
                                                                                                                                                Entropy (8bit):6.440570911194646
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:bCbc+v3neoFjYL1yOWK6NAxq8N0+cP27KIE:0v21yyxhI/
                                                                                                                                                MD5:D737A64C835D918DBE53B2C7724488FF
                                                                                                                                                SHA1:E5C7003AB10328E95D015AA75C08479B4CC1005F
                                                                                                                                                SHA-256:E8ACDD3FDF21ACE7F2A5A1A82CE5655A18FC52FC81D354A5FF685AA868FE1A98
                                                                                                                                                SHA-512:D6E90B9B32B2C5D3FEB0012E3A5BE5AA6E27801FECDE87BEF64D7BB8A23FC5BBDDE2A60A42F001B7515188B8BF23F8C959308C465F88FB62798814611021BAAA
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."............................@..............................$.....x*#...`.........................................`...b.......h.....". ....P!.......#..)....$.H.......8.......................(....S..@............(..x............................text....,.......................... ..`.rdata..0....@.......2..............@..@.data....A..........................@....pdata.......P!.....................@..@.00cfg..0....@"....... .............@..@.gxfg..../...P"..0.... .............@..@.retplne......"....... ..................tls.........."....... .............@...LZMADEC......."....... ............. ..`_RDATA..\.....".......!.............@..@malloc_h......".......!............. ..`.rsrc... .....".......!.............@..@.reloc..H.....$.......".............@..B................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.exe.1711737406.old (copy)

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2304416
                                                                                                                                                Entropy (8bit):6.440570911194646
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:49152:bCbc+v3neoFjYL1yOWK6NAxq8N0+cP27KIE:0v21yyxhI/
                                                                                                                                                MD5:D737A64C835D918DBE53B2C7724488FF
                                                                                                                                                SHA1:E5C7003AB10328E95D015AA75C08479B4CC1005F
                                                                                                                                                SHA-256:E8ACDD3FDF21ACE7F2A5A1A82CE5655A18FC52FC81D354A5FF685AA868FE1A98
                                                                                                                                                SHA-512:D6E90B9B32B2C5D3FEB0012E3A5BE5AA6E27801FECDE87BEF64D7BB8A23FC5BBDDE2A60A42F001B7515188B8BF23F8C959308C465F88FB62798814611021BAAA
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."............................@..............................$.....x*#...`.........................................`...b.......h.....". ....P!.......#..)....$.H.......8.......................(....S..@............(..x............................text....,.......................... ..`.rdata..0....@.......2..............@..@.data....A..........................@....pdata.......P!.....................@..@.00cfg..0....@"....... .............@..@.gxfg..../...P"..0.... .............@..@.retplne......"....... ..................tls.........."....... .............@...LZMADEC......."....... ............. ..`_RDATA..\.....".......!.............@..@malloc_h......".......!............. ..`.rsrc... .....".......!.............@..@.reloc..H.....$.......".............@..B................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\launcher.visualelementsmanifest.xml

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):317
                                                                                                                                                Entropy (8bit):4.996593526126476
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libEGL.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):480672
                                                                                                                                                Entropy (8bit):6.407077061099877
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:7AIY0X8PU5lauzzHfkgJvPAFrmFNVcPif2csfraP3qHH:7AIhsPUjauzzHfNVFNVcPO2cq+P3qHH
                                                                                                                                                MD5:F4CD4AC3B97BFECC0B1B204BB02A6D44
                                                                                                                                                SHA1:246FDEB112A0CD651C23D455232EB7F8D31ED41D
                                                                                                                                                SHA-256:42089A9C43D4715413A971F3E9B0F01B718A5FC7DC220A87608297635E2758D2
                                                                                                                                                SHA-512:3574CC3C24BEC63523D5B70158AFFFF720C40E9E62266F113A69B4C11AC9308F27B6A87D39555C0AB546111019667936D54AADF929C55EA225DB7A28A260A8A2
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." .........$......................................................6`....`A............................................h...x...(.......H........A...,...)......H.......8.......................(...@!..@............!...............................text...z........................... ..`.rdata....... ......................@..@.data....K....... ..................@....pdata...A.......B..................@..@.00cfg..8....@......................@..@.gxfg... &...P...(..................@..@.retplne.................................tls....!...........................@..._RDATA..\...........................@..@.rsrc...H...........................@..@.reloc..H...........................@..B................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\libGLESv2.dll

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):7640992
                                                                                                                                                Entropy (8bit):6.489540842464174
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:r/5OeM37DfzKVyOzyWblxFz4t/BpTSE+b6rlTDYP1TSU3Xm3y4t1FDe:r/1MLzmVNzB6rZG1TVCy4t1F6
                                                                                                                                                MD5:0948651B610250144369FB114E0A1597
                                                                                                                                                SHA1:662165F38925C712024D36847FAFC55F705E9C8A
                                                                                                                                                SHA-256:D98F9E4FA6DEE9EA08E8760C594600E280C5A7AF5E552BA65446081FBBCD4966
                                                                                                                                                SHA-512:5DAE8D0C597FDA5D62F2D2A3437EFFCE415457EFD9DB3D842ADC4AEB3BFE08D48151F14AECE25D81824268BDCFAA0069A4A74F5319393D49624060C13831E391
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." ......Y..T......P}F......................................pu......^u...`A..........................................k.......l.d.....t.......q..Y...nt..)....t.....\vk.8...................0uk.(....1Y.@.............l.......k.@....................text.....Y.......Y................. ..`.rdata...]...0Y..^....Y.............@..@.data.........m......vm.............@....pdata...Y....q..Z....q.............@..@.00cfg..8.....t......`s.............@..@.gxfg....,... t......bs.............@..@.retplne.....Pt.......s..................tls....B....`t.......s.............@..._RDATA..\....pt.......s.............@..@.rsrc.........t.......s.............@..@.reloc........t.......s.............@..B................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\bg.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):809086
                                                                                                                                                Entropy (8bit):4.792072887577772
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:JOEtuS31gRhcQ7E6N/fhIhIK6g2HK2JwZLvY2zQkECEUiVbMqqulWKVDVLts37Nz:JOpSs7xAI5K2JwZLvYT9UiVbbqxKVDV8
                                                                                                                                                MD5:069435B6240FD89EBDC05353CEFE1ADF
                                                                                                                                                SHA1:62CACFD36CC03F692E37BDB285873D02653C5020
                                                                                                                                                SHA-256:09A3501A3332D4609353C57C23F8A27BB1A215A9E07B52BC65E819C261DD6CDB
                                                                                                                                                SHA-512:D65C8439D88440A85D5FC78581B506A7461DFBD0463F8538870C016FFD90C3D4A728E6666CD05BF72363B45647065783CC10CD3BBDE0DEC3EE63F89DD2E01907
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........y%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.2...w.?...y.E...z.T...|.Z...}.l.....t.....y...................................................................................,.............................W...........................................................b.........................................j...........|.....*.............................2.....z.....d.....).......................X...................................U.....h.....A...........$...........Q.................^...........A.....i...................................K ..... ..... ....t!.....!....H"....g"....."....z#.....#.....#....s$.....$..../%....U%.....%.....&.....&.....'.....'.....(.....).....)....e*.....*....3+....c+.....+....k,.....,.....,.....-................./.....0.....0....<1.....1....X2.....2.....3....M3.....4.....4.....5....D5....26.....6....G7....|7....l8....G9.....9.....:.....;.....;....C<.....<....X=.....=....K>.....>....'?.....?.....?....#@.....A.....A

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\bn.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1039857
                                                                                                                                                Entropy (8bit):4.3831224078899185
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:kbt+7m0FhX/ShdYH1/RFb/sHFe1XCqoEgFM:o+7pWghbyFK9dF
                                                                                                                                                MD5:EA60EE4E0F963ACEB074A516B2D6ADFB
                                                                                                                                                SHA1:7B053259B20E300ED7DA840C50742DEFE3123193
                                                                                                                                                SHA-256:65916DEDD8DF9C32471C2FBDFD368F4EA4AD6FA69CB7DF129BCA130481793DBD
                                                                                                                                                SHA-512:F9683D4C4CC33D9EB2DD2101DD547A405AB8B62448D0C950E9578F3677248D3303C232948EA25341A0AE7DCA86C2E20AC5B2194A97E93D1BAC07BB67FCAA1B25
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.....g.....h.....i.....j.....k.....l.*...n.2...o.8...p.E...q.K...r.W...s.h...t.q...v.....w.....y.....z.....|.....}...............................................................................+.....`.....................................................I.......................d.............................2................. .....X.......................5.....\.....:...........&.................h.............................;.......................O.....J.....4.................".............................u.................. ....&!....j!.....!....%".....".....".....#.....#.....$.....%....D%.....&.....&.....&....*'.....'.....(.....(.....(.....)....C*.....*.....*....b+.....,....V,....|,.....-.........../...../.....0.....1.....2....[2.....2....}3.....3.....3.....4....s5.....5.....6.....6.....7....h8.....8.....9....-:....y:.....:.....;....?<.....<.....<.....=.....>....-?....f?.....@.....A.....B.....C....JD....LE.....E....VF....8G.....G....aH.....H....gI.....J.....J.....J.....K

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\ca.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):513027
                                                                                                                                                Entropy (8bit):5.432519176352726
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:JQFmiLH+7C6ybGbf1bCCrz+W58rmUUkcvKOl3nRWgZO5F5i3RoCQrGyTSHNBe935:yHJ/8atIRF1kJd0njPYX
                                                                                                                                                MD5:18326F23AA856DC640E52CF3118C9B8E
                                                                                                                                                SHA1:8546BBFB20FDB9D385724B838C6B5F2D320F615F
                                                                                                                                                SHA-256:ACD7EA2DC2A510147CF37405194FCB95113E0A51EF2EC962C2E428EE8E2B0115
                                                                                                                                                SHA-512:7F6689389423A850009199EBEBE364A0360D9A39FAAFEDC51F9D4BE7E75142F498536B4F585AD55BB655571875DC6BEB73D562A0CFCFEE443640832A99A5F3D6
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........q%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v."...w./...y.5...z.D...|.J...}.\.....d.....i.....q.....y.............................................................................F.................@...................................{.................].......................a.......................X.................!.......................{...........1.....W...........).....k.................9.....p.................b.................^...........B.....h.................I.....e.................%.....5.......................(.................-.....B.................*.....>.............................h.......................K.......................k...........!.....=.................!.....@.......................c...................................,.....g.................+.....D................. .....5.................C....._.........................................= ....g ..... ....6!....i!.....!.....!....""....J"....]"....."....5#....u#

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\cs.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):507732
                                                                                                                                                Entropy (8bit):5.86532539438707
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:IfAC3uuuNLX9rbVQnmVzYSUNOfs8SB08QJs+mLJ1XiLqvL4OQp:C/yBNrbVDVzYSUNOU8SVfC
                                                                                                                                                MD5:B41A26054D8E72602A9AB7C697678F96
                                                                                                                                                SHA1:8BCF77844B545F9AC8CED0D86F3F6B0416C5F5A2
                                                                                                                                                SHA-256:174AC36585B8F6C2C1822AEE05E1FB4EC73E984846D5DE29F2B849F7900EAB65
                                                                                                                                                SHA-512:18E6B530CFC63F4AABD29DBE0D69F71514673706A5E997A67E5EB3AA26AD482FB50B736F92BF8781A7C5951D64CAB89368DDD84B4054EB86AA8DC78BF72AB078
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%H.e.....g.....h.....i.....j.....k.....l.!...n.)...o.....p.;...q.A...r.M...s.^...t.g...v.|...w.....y.....z.....|.....}.....................................................................................,.....A...........o.................M.......................z...........R.....k...........P.......................f.......................U.....}.................e.................K.................<...........#.....\.....t...........G.....|.................|.................K.................(............................._.......................@......................./.......................C.......................>.......................3.......................K.......................w...........:.....Q.............................b.......................h.......................n...........#.....Z......................./.................B.....W...........1.....r.................x.................V...........'.....H...........+ ....U ....j ..... .... !....E!....Y!.....!....3"

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\da.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):470889
                                                                                                                                                Entropy (8bit):5.495569110921885
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:t0boyL+ytCnoN90zVWilNMzPZJTd46RGw2wEzZhxqENiB3n47A7De+AHpsMclpHr:tfyLNHNCMzxR7SqENil/AKdTHr
                                                                                                                                                MD5:CBE27BAC580522BB951F8BBAFFBCAD3B
                                                                                                                                                SHA1:5668179351E705F10A24EF9464382BA6152C8B10
                                                                                                                                                SHA-256:9793C9F49DE1B1362C0DA4618BFFBDC5FACE9942E301A0B7FCF0E4E9E72D5535
                                                                                                                                                SHA-512:912408F1CD830E7BFF3AF1D7568FBC419DFC07A6FDFE15769632F7CCEBA7837380D71F6D84009C756044950005D050ADAA704B6925D2EC510E5874715798AA47
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........T%..e.R...g.Z...h._...i.p...j.|...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....|.....}.+.....3.....8.....@.....H.....P.....W.....^.....e.....f.....g.....i.....w.......................+.......................`.................'...........3.......................l......................._.......................G.....q.................H.....w.................}.................F.......................m.................&.........../.................,.................*.............................g.......................@.......................+.......................1.......................*.............................i.......................R.........................................C.......................'.....{.......................X.....u.................m.................=.......................=.......................U.......................Q.............................(.....^.................Y.......................3 ....O ....\ ..... .....!

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\de.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):512947
                                                                                                                                                Entropy (8bit):5.526944497993563
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:SqDFDzwXNn6LeN5U2ztCaXdzlbBtCS94LlS5lmkVQAUDM:S+DzwjUWCatdCS91eRM
                                                                                                                                                MD5:9326997FFB3A1039FB8BFE9D66DE9917
                                                                                                                                                SHA1:EE70119DE4FB4C5385DA1D0F79CACB77D43CFBA2
                                                                                                                                                SHA-256:D8A2DDACEA96640CBC7144F662282DC2B0CF0A8B7DACE957BEE32C69D31830DE
                                                                                                                                                SHA-512:97E69AC95BF078647220935A76882728F9C9410513CBABFDAD3A2CB990C7B6C47DE62591A41A77048636DA8A070E5786AAC0B8044097A1C0255BA2A031F957F5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........$l.e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.(...v.=...w.J...y.P...z._...|.e...}.w.......................................................................................................................n.................C...........;.........................................X...................................-.....A...........G.....~...........0...................................O.....`...........b.................I.........../.....I.............................m.......................~.................*.................).....:...........G.........................................F.......................o.................(.................R.....d.............................j.......................d.......................b...................................U.................V.....t.................p.................; ..... ..... ..... ....}!....."....U"...._"....."....|#.....#.....#....X$.....$.....$.....%....t%.....%.....&.....&.....&.....'

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\el.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):875935
                                                                                                                                                Entropy (8bit):4.880943970317316
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:2ykN6BN08fjsCKG9w+ZzD2xEEbvL7Ffrk+mIeJFlmfPPpqpWbIzK0Yt2cd8ZKoMZ:2EBN08fjsCKG9w+ZzD7EbvL7Ffrk+mIL
                                                                                                                                                MD5:6F6CCD956162C7BC4C9A38AB6B036370
                                                                                                                                                SHA1:C7D3EA4F2C5DCE0169E01FDC90AF07B991BD76BE
                                                                                                                                                SHA-256:6C9BA5EBF7A1047858350D08FB108C6A47F413B97F716999C38AD04C50429667
                                                                                                                                                SHA-512:952BC5E564FA88F808A5FD9E13B38D82034E4C89C027E8AE1D39B9938B9846CA4FC576912F58E5574C2500D9FE84158C14AC70A50C49785C0A64DD463B22B4CB
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........B%$.e.....g.6...h.;...i.C...j.M...k.\...l.g...n.o...o.t...p.....q.....r.....s.....t.....v.....w.....y.....z.....|.....}...............................!.....(...../.....6.....7.....8.....:.....a.......................8...................................Y.................k...........I.....l.......................~...........d...........*.................).......................P.....X.....R...........!.................2.....M.....4...........b...........~.....9.................#.............................j.......................?.................M...........; ....w ....R!....,".....".....".....#....X$.....$.....$.....%.....&.....&.....'.....'.....(.....(.....).....).....*.....*.....+.....,.....-.....-.....-.........../...../.....0.....0....>1....w1.....1....P2.....2....>3....k3....X4.....5.....5.....5.....6....;7....w7.....7....i8....+9.....9.....9.....:....V;.....;.....<....9=....T>.....?....C?....D@....+A.....A.....A.....B.....C....rD.....D....^E....(F.....F.....F.....G.....H

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\en-GB.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):414723
                                                                                                                                                Entropy (8bit):5.552932998647449
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:U0929nnBblkE8JSQr6BcGRgwCfDyv2QKus46d92WR2:U4Qw3JFrQGii46lR2
                                                                                                                                                MD5:99B9B49CAE689E3561C827EA02635F9D
                                                                                                                                                SHA1:2CAF079F32362D22D68BE858159F265409D18E32
                                                                                                                                                SHA-256:7063979166F0B1A0ABA5B4E090D702808BB62D9326A518BE86EA4BBB2E6E96A2
                                                                                                                                                SHA-512:73D74789E4CE260F0D5C370AB22F3ABC2804B60D4EE9E3FCF2BD85C761DAD135E08EFC4316583FB82A03821B364313996380653C4699192749063AD0EA259141
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.!...q.'...r.3...s.D...t.M...v.b...w.o...y.u...z.....|.....}.............................................................................................................7.....J......................./.................+.....A.......................*.....v.......................<.............................J.....o.................=.....r.................+.....\.....j.................,.....<.............................r.................&.....e.............................?.....^.....h.............................n.......................O............................._.............................G.....R.............................t.......................m......................./.....k......................./.....P....._.................8.....^.............................b.......................Q.......................L.......................s.......................x.......................B.............................^.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\en-US.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):417185
                                                                                                                                                Entropy (8bit):5.550011130613742
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:uEI84cHEA33RyrZngn/OsiwYzSyvepwG326O9bUR2:uN8BpcrIiwSlC26PR2
                                                                                                                                                MD5:E41F1594692F65CF99502F40582C82D7
                                                                                                                                                SHA1:7787AE80BBC73CC16E8E8118838DE2A3971AF2AC
                                                                                                                                                SHA-256:4FD95212B6ECBDC1C58388148EA2314CE5EA5BCD11BDDF05E51B14404D2746A6
                                                                                                                                                SHA-512:80047E2312B48ECF68BD3A7AF1D38F23ACB390293F8B31656D5DE72F9DD71A574D17DAB3656B34DFD513673CC876E2BA464BDA58BF420D5D9B7E5B8F049077D5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.....g.....h.....i.....j.%...k.4...l.?...n.G...o.L...p.Y...q._...r.k...s.|...t.....v.....w.....y.....z.....|.....}.........................................................................".....4.....D.....U...........).....q.................'.....X.....h...........'.....c.....y.................L.....a.......................).....r.......................:.....{.......................j.......................X.............................Y.....i.................).....4.................?.....S.............................1.....l.............................5.....A.............................|.......................G.............................L.....t.......................6.....A.................:.....O............................._.............................a.......................6.....k.......................(.....7.............................u.......................q.................-................. .....=.............................a.......................,.....y.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\es-419.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):502335
                                                                                                                                                Entropy (8bit):5.40727042571361
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:Dd4SYg2R2cJwZCXizXu2ndN/Bm+LJgwbYf+cwdyEcG2Bj1B3F9iBHKvI4:54SYgg5izuINx3cwdyzYqvd
                                                                                                                                                MD5:2966795E0B931BADB32374A6244B7868
                                                                                                                                                SHA1:7744C5801BAEC1B76EDE8A9429CA35C6E3BF55FE
                                                                                                                                                SHA-256:720014CD29A97B1C911DD887BC69D3833178211C882E72109FDF391CC6C2C499
                                                                                                                                                SHA-512:85D263AC49D7E3280CE14C9E614A10AB666F5BA3AE8EAAEB1228356DDA11D38A5A84A7CC30272D5A9012E305A797F4BBCE987D72AF4E811A072F30C90EB92BEE
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........v%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.-...w.:...y.@...z.O...|.U...}.g.....o.....t.....|...........................................................................................................r.................c...........@.....^...........K.......................K.....u.................E.....m.....~...........x.................w...........+.....U...........2.....w................._.................2...................................s.................1.....`.....{...........&.....T.....c...........%.....[.....q...........N.......................j.......................`.......................E.....u.................M.........................................b.......................l.................S.......................{...........2.....s...........".....H.....b...........#.....X.....q...........>.................3............ ....1 ..... ....7!.....!.....!....,"....."....."....."....>#.....#.....#.....#....@$.....$.....$

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\es.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):498817
                                                                                                                                                Entropy (8bit):5.394334592286179
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:tkh0VbOA9k8812cjsjiHa/HJTP6PZOk8jOwgcXg1+y183yOY+KnTzP1X7jHUoEWh:tkh0VbOA9k8Li6/H3Dz683yp7jXXI9E
                                                                                                                                                MD5:7C3587F68CC1E3984A6604B26E746759
                                                                                                                                                SHA1:5DBCDC4804311429C2CE463CD9F59EA0810C38C3
                                                                                                                                                SHA-256:8F984030BCE1792A4C6AAA7813A12B25DE55018741EE0B4A8A684247B08C4753
                                                                                                                                                SHA-512:918CECAD97C3DBE3E6FF93E3132CEB94231F23C7694B6C5AD9B92E9D2C93B5067C9F006D0FEF791F63E53BD7EC2C73EC4B37C6A057520CAEE486EC9FF653A5C6
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........j%..e.~...g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.!...y.'...z.6...|.<...}.N.....V.....[.....c.....k.....s.....z...........................................................w...........o.................l.................X...........H.....b...........E.......................W.......................X.....................................................8.....V.................q.................R................."...................................S.....x...........-.....`.....v...........".....J.....Y.................R.....h...........4.....g.....z.........../.....c.....o.................M.....X.................0.....:.................'.....7...........%.....l.................<.....h.................6.....].....|...........c.................#.......................u.......................i................................... .....:...........N.................Q ..... .....!....E!.....!....("....i"....}"....."...."#....H#....[#.....#....,$

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\fi.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):467188
                                                                                                                                                Entropy (8bit):5.475064085956737
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:RV1s819a+fI/2BEqWaVufYfZhuQ/bOYd2YlVtcKXrGkc1JQ:ly2GmrEIr
                                                                                                                                                MD5:A9ACAB0B24DFACE9A64E78369836F851
                                                                                                                                                SHA1:FF2A3BF13F3F79056591D557CC229E0F3F2FFE5E
                                                                                                                                                SHA-256:5658D14A4754922E98CBC9017FB90E013CE9B1FF2EB87C58419ED3E98AA00178
                                                                                                                                                SHA-512:B509174CF0C7D9AA74778CC529B48D1B2512F553E680180A22036150436238EB8D01243ED3D7165F8159DC107984F3C8788B44815E5E68E0170CB2FEF150BA74
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%Y.e.....g.....h.....i.....j.....k.....l.....n.....o.....p."...q.(...r.4...s.E...t.N...v.c...w.p...y.v...z.....|.....}.........................................................................................../...........4.......................b.........................................>.......................H.......................&.....o.......................K.....q.................n.................(.....|.................$.....~.................'.......................G.......................p.......................J.............................Z.....{.................*.....T.....^.................=.....J.............................w.......................[.......................P.......................m.......................:.......................0...............................................8.....x.......................U.......................M.................&.......................t.................!............................._.......................&.....~.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\fil.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):521436
                                                                                                                                                Entropy (8bit):5.300414613948606
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:o8xZxWpc9B4FqwCGUoufaPNDtnJsy5WBE2bKUfm4:oNLIoTHWBlKL4
                                                                                                                                                MD5:FCBA6E51F1608B1F8C20A53228F7A0E3
                                                                                                                                                SHA1:E6A96AACD82B9559FD1895F3FB436CC1FA9E68D8
                                                                                                                                                SHA-256:6190A1353D3B59A3954082AD42CCEDF474D9493A816E4C33C7BF70357C266822
                                                                                                                                                SHA-512:835F3E462C6A200BE54AEFC7E2A09ABB218F1411C376E3390C49A5A64B3EDB99AB503C8C845F4EE7556FA3E78375AC6CC4D194C1D44A1B9F9A007CE7675F2750
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.^...g.f...h.k...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.$...|.*...}.<.....D.....I.....Q.....Y.....a.....h.....o.....v.....w.....x.....}.............................r...........a.................v.................x...........e...................................?.......................L...................................@.....o.............................t...........2.....H...........2.....o...................................}...........i.................J.....u.................@.....h.....u...........).....S.....b...........?.....z.................\.......................d.......................e.......................g.................$.......................y.................$.....s.......................c...................................E.....|...........C.....m.................e.................A ..... ..... .....!.....!....L"....."....."....[#.....#....*$....[$.....$....;%....q%.....%.....%....A&....i&.....&.....&....u'

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\fr.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):533204
                                                                                                                                                Entropy (8bit):5.42656536496862
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:bTlsXvu432L72zNvxcgw1IaSVATiwsn8Zw4rMYnYbGBA3z8GABqXJRCxB2gTSWel:bTO0N1GAMf
                                                                                                                                                MD5:299FDEC5C529F686A75CA8DD249C28DB
                                                                                                                                                SHA1:BFBE364AF58B9C4A967F5A8CE826DA5EB2AF6AD9
                                                                                                                                                SHA-256:78C7BB9624B063607896C34122469F849BD49C24962863BB31CF1D971D885050
                                                                                                                                                SHA-512:BD34415842DF72127CDC05ABE58F9C73CD90F5C2C5AF0AF32B514066FD32F0A57DA05E01DA8A531E36F28F3E164BAB945D96CF7592489630051474F17C2A394B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........h%..e.z...g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.&...y.,...z.;...|.A...}.S.....[.....`.....h.....p.....x.................................................................x.......................,...................................n.................e.................7.......................<.........................................\...........G.........................................D.......................z...........2.....K...........o.................M.......................N.......................H.......................`.......................y.................(.....|.......................i.......................b...................................q.................N.....|.................2.....R.....p...........9.....v...........*................. .....y.......................y...........#.....?...........+.....x............ ..... ..... ..... .....!.....!....5"....\"....."....g#.....#.....#....($....|$.....$.....$....;%.....%

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\hi.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1067175
                                                                                                                                                Entropy (8bit):4.410832963989589
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:3UtowpoUCbp2+NpqOV/BB0ZV1d1EGZDS7WexEWUt2bhtWi2V8nC5kbLAbqmbeget:WoHUCHkwsLlqdd
                                                                                                                                                MD5:9907AB6C963DB1613E3811104F3DDD9C
                                                                                                                                                SHA1:549D59E22ABF5D80B5690EFE85B27438ACAA5A00
                                                                                                                                                SHA-256:0A485C447311495D55B8EAC8D4F00356A0250F95B44FD8C549DE59357084AA11
                                                                                                                                                SHA-512:9AA2986CA627158B6ECD23D65166D2E8B5B5E23DA8103FD27DB6C4212B61610BF73FD94CB68F028280D045CA78B4BF131CEFBC23BEE23FB2ABD911032E7E3F4A
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........{%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.!...t.*...v.?...w.L...y.R...z.a...|.g...}.y.................................................................................../.....h.................L.................j.........../.....]...........l.............................B.................#.....S.......................).......................P.....u.....Y...................................D.....+...........Y.................x...........C.................@...........T...........Z...........> ..... ....B!....m!.....".....".....".....".....#.....$.....$.... %.....%.....&.....&.....'.....'....o(.....(.....(.....)..../*.....*.....*....W+.....,....i,.....,.....-.........../....I/.....0.....0.....0....)1.....1....E2....x2.....2....]3.....3.....4.....4.....5....N6.....6....(7.....7....n8.....8.....8.....9.....:....H;....z;....}<.....=.....=.....>....e?.....@.....A.....A.....B.....C.....D....ZD.....E....wF.....G....aG....UH.....I.....I.....I.....J.....K

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\hr.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):497570
                                                                                                                                                Entropy (8bit):5.5613731809737335
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:E/ryT/5LWXUGXkAPKRpjqIGaBV08LQFvBAGC7ZqVwcsRqH7c2Dn3LWO6AHshClBY:qw/5LU7X8Rp+ALqwAjSihswJKaSyCiZw
                                                                                                                                                MD5:09431A45311A97E2B598A26741AC3BC6
                                                                                                                                                SHA1:96D26E3D9217028A5A6900B1EF51E354442FEEE7
                                                                                                                                                SHA-256:E04D8A13FBC1B372D7C1FAD6F7A47BFC3CB4FB768B7BE66B1CD52191DBBECA76
                                                                                                                                                SHA-512:8ECACA63D58BC1849948DBC5A2833CFE605E9F36A47E5AD5CECED3AC040A9400156829CD13619A11B14AED4FE5237CE021F935FABEDBE669A0A5204697FA1195
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.....g.....h.....i.....j.....k.....l.....n.....o.#...p.0...q.6...r.B...s.S...t.\...v.q...w.~...y.....z.....|.....}..........................................................................................."...........N.................;.......................n.................M...........!.....].....s...........-....._.....o.................=.....M........... .....R.....w...........t.................O.......................v.................!.................W.....r.............................p.......................N.............................`.......................T.......................O.....}.................W.......................L.....w.................2....._.....o..........._.......................e.......................K.....j.................3.....`.....w...........V.................).....x.................$.......................R.............................'.......................y.................D ..... ..... ..... ....2!....{!.....!.....!....."....."

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\hu.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):531019
                                                                                                                                                Entropy (8bit):5.672617115733098
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:YWkE356hC5WRIHGDHbtGSmeFkQ9XmBdpEN/3ICEqPHyNwkatTD5HvGTZfp6GcMAG:YWkcWL4ckaUsD5HvGys+4f
                                                                                                                                                MD5:06C8057DF87662E4AF3B693A88D04A9F
                                                                                                                                                SHA1:C2C1ECD1CF9AB7A1C5F56096F915B052684712AD
                                                                                                                                                SHA-256:A73FE543AE2EA5EA42CBF357EA58184E78FF561C29F61B4F52FB17C7B7D5F185
                                                                                                                                                SHA-512:161C8101D3FF8FA39F877E2752E3B5BD9DB6FF4200ECB5A1C45CEDBB6BFD014BF93B8593BF678BD3D0E8BF67DBB943B880F8528F5B690A82BB55FC0D79A32102
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........"%D.e.....g.....h.....i.....j.....k.%...l.0...n.8...o.=...p.J...q.P...r.\...s.m...t.v...v.....w.....y.....z.....|.....}.....................................................................................C.....W.................&.....D...........;.....................................................E.....^...........8....._.....p...........F.................,.............................6.................$.......................X.................$...........'.....m.............................'.................G.....d...........<.....c.....{...........S.....~..........."...................................b.....x.............................:.............................#.....e.....y.............................Z.........................................6.................<.....T...........P.................<.......................2 ..... ..... ..... ...._!.....!....."....5"....."....c#.....#.....#.....$.....%....Y%.....%....$&.....&.....&.....'....o'.....'.....(...."(.....(.....)

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\id.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):450780
                                                                                                                                                Entropy (8bit):5.4223529482397606
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:A+gAIJgCRdcpJwkK563SzTHEjSEnmFBEiuUTn:A+sgqcpsEHnmFWUT
                                                                                                                                                MD5:AADFC73804D0AF347FF2406F8EA17327
                                                                                                                                                SHA1:BDCBD96015311F636FA4A1883AE9F7745F7C642D
                                                                                                                                                SHA-256:30ED0454488349AAE35E2023F6E04CBFBAD39DCCC9149C54FA8BD4C5C5058486
                                                                                                                                                SHA-512:F578EB1C6C20A9FDC302F36F2154ADA3DE28E065E3936E985CE28563D5B2C67E91AA46607A919AA06D983302B6C816401357339655415C7F350295B3BD1EE970
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........c%..e.p...g.x...h.}...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y."...z.1...|.7...}.I.....Q.....V.....^.....f.....n.....u.....|.....................................................D.......................d.......................U.......................q.......................t.......................R.......................<.......................D.......................8.............................c.......................c.................%.......................,.....i.......................(.....M.....Y.......................%.............................g.......................B.............................i.......................P.......................C.....y.......................,.....=.............................f.......................G.......................+.....g.......................A.....o.....~...........:.....v...................................].......................p.......................F.............................u.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\it.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):499094
                                                                                                                                                Entropy (8bit):5.328817560077638
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:15N/m7eMRmzh8YYQDLIefGgAFK54qG0e3qqzKpwLlBy5kxAjNuRtEmYS9lcZujgP:15N/2Ri8wRwLCZGd8JadT+
                                                                                                                                                MD5:158CCD4881619B7E465794335BC15ED9
                                                                                                                                                SHA1:8C17B1064BD34E6CA82CB5753ED24316E6C73EF5
                                                                                                                                                SHA-256:08DB2F75AB5815EF2CB54F27E75C507B0FDAB8089E59441ED0BFEE43EB3AC2E6
                                                                                                                                                SHA-512:851AB3B7D3B259FFAD9D30B65B1227E79B95662CB34E8D1CD6B5960D1665F456C78265D952C94B929008FBEE5D26E065B5CB04A2E1B2404BCB8FBF677188061A
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........W%..e.X...g.`...h.e...i.v...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....|.....}.1.....9.....>.....F.....N.....V.....].....d.....k.....l.....m.....o.............................W...........E.....a...........&.....h.....y...........q.............................5.....^.......................+.....}.........................................D...........<.................&.......................G.......................d.................&........... .....u.................A.....m.................%.....O.....]....................... .................*.....<.......................#.....r.......................F.............................p.................(.......................T.......................#.....X.....n.................2.....^.....s...........O.................1.....t.......................J.....u.................m.................u...........e.....|...........v.................m...........% ....; ..... ..... ..... ..... ....j!.....!

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\ja.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):599830
                                                                                                                                                Entropy (8bit):5.8281706210617825
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:32dINrcpX83p2UKGTuLuGrL13dAxXFIGxgK0usjSy+QUJNt4DYKVS7b0X7HZBFBV:3l2BjUFTq/flVqeVQdljYYNau34
                                                                                                                                                MD5:1B5D982CFC66F02F8AF503780ACA5176
                                                                                                                                                SHA1:B064393D8B059F5DAA48161DB720756F464C5AD1
                                                                                                                                                SHA-256:F4E00BC9855771706065E837D8085DDF52BCD47488A189209A7547D14DF40EDA
                                                                                                                                                SHA-512:A19A1C706D1B159B7904F7DA454FAF6F0B4A6D13210F52BACEAD7AFF17280B9FE7C23A168AACA32A869C52819BF5921182010878AA3F90A226F28F3A77677196
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........$..e.....g.....h.#...i.....j.7...k.H...l.Q...m.Y...o.n...p.{...q.....v.....w.....y.....z.....|.....}................................................................... .....".....'.....@.....j.................F...........$.....B...........8.....u...........(.................&.......................3...........#.....T.....f...........4.....a.....q...........m.................[.................@........... .....S.....c...........>.....o.....~..........._.................N...........P.....k.........../.....Q.....m...........n.................\...........$.....E.............................{...........M.....\...........X.................".......................k...........7.....L.........................................3.....U...........:.....l.................y.............................E.................7 ....Y ....h ..... ....m!.....!.....!....B".....".....".....".....#....4$.....$.....$....I%.....%.....&....8&.....&....L'.....'.....'....2(.....(.....(.....(.....).....*....O*

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\ko.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):501964
                                                                                                                                                Entropy (8bit):6.169334467010321
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:lINpoGuV39uqp7VKixMGLtlq7Hh1mrOerIi1HNGc36xKpVdKV2WBQL:lgpoGuV3WGm0I2z
                                                                                                                                                MD5:282C517076CBBC464595B5A04BCCDB14
                                                                                                                                                SHA1:51CED44010BFCFFB320B632CF27548855FAFAA02
                                                                                                                                                SHA-256:22489C861BCEF0D79A2FC03FB5A1C55E1176922FFBE89C05BC7C54C6C6F847B3
                                                                                                                                                SHA-512:424595BC00FFCCF77E8EE561634F14793CB8D539681BA6672EA224785C62010C8DBA798A2F4D2B721E9CB960D774591EF5C260BF0B74FF053AFC55F784F0A315
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........$..e.....g.....h.....i.....j.....k.....l.....m.....o.....p.....q.!...r.-...s.>...t.G...y.\...z.k...|.q...}.............................................................................................................V.....t...........M.........................................H.......................f.......................k.......................z...................................,.....@.................).....6.......................&.................0.....@...........C.......................Y.....}.................:....._.....o.................:.....J.................l.................L.......................W.......................Z.......................X.........................................O.......................?.......................J.......................d.................8.............................T.......................W.......................j...........-.....;.................E.....\...........$.....S.....f.................9.....L.................=.....P.

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\lt.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):532287
                                                                                                                                                Entropy (8bit):5.6618162413155915
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:72fvn4ETX/XPIx7iGyyXaGcGYDj/T2If6SxtCs1TsRaVKx52O:CfvJfIdiGyjDj/76SxssmR/j2O
                                                                                                                                                MD5:587FEF1B576042E1D3918915FEC494B3
                                                                                                                                                SHA1:D957FFC8F7EBBB3245837E501A2CD790BA788569
                                                                                                                                                SHA-256:8D13CCA2F6BD9E51FDC7F919E41C9A4EA01C0BF78C780C1AD75BA0FBF47AA134
                                                                                                                                                SHA-512:E12AD4E4186321DF04EB6CF570094A5B5986C36027A44CF71738AA8467EE270DF8C9C77234D16102F6DCE286ECB52CBA0953EAB7E38ACEBDBD625E5F4187F12E
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........^%..e.f...g.n...h.y...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.-...|.3...}.E.....M.....R.....Z.....b.....j.....q.....x.....................................................h...........V.....q.........................................[.....u...........l.................6.......................u...........1.....H...........B.....v...........%...................................6.....G...........5.....o...............................................f.................f.........................................@.......................y...........7.....J...........>.....x...................................Q...................................5.....C...........v.................Z.............................+.....e..................................._.................O...........& ....H ....[ ..... .....!.....!.....!....u"....."....<#....`#.....#.....$.....$.....%.....%.....&....Z&....z&.....'.....'.....'.....(....\(.....(.....(.....(....|).....*

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\lv.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):530446
                                                                                                                                                Entropy (8bit):5.669799465505182
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:G4MYLxpFOV+yzyqU28c9ssRmK7Bp57YXQGBi5nbrNk8zptNctVFL8qRB5mhDssZm:TMy3OVPzr7f5XG8Nk8ai2x
                                                                                                                                                MD5:1E08EA238ABF7AAB7F23F1BAB5EE7F6C
                                                                                                                                                SHA1:D1C619187ABBF793BB10C6F8E275B098C65E37CE
                                                                                                                                                SHA-256:B59B19BA5920293FB0A8C6B5420904B47632E97A7A00FF8CF779EAC1783FB645
                                                                                                                                                SHA-512:595CBC15E7C694C5A17024B573E69F6297F170DC60BB4647D9D1F509247E32955BE90632896463FE02ED5041422EC43439657CD4C991F7D9BFDD982EB79FB23A
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.*...s.;...t.D...v.Y...w.f...y.l...z.{...|.....}...........................................................................................0.............................y...........D.....W.............................x...........I.....h...........G.........................................?.............................U.................8...................................O.....b.............................t...........j.................V.....|................._.......................m.................%.......................y...........*.....<...........*.....a.....p...........Y.........................................r...........e.....}...........@.....[.....p...........o.................%.......................Z...........*.....d...........1 ....Q ....j ..... ....n!.....!.....!....:".....".....".....#.....#....l$.....$.....$....j%.....%....%&....K&.....&....F'.....'.....'.....'....b(....}(.....(....$).....)

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\ms.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):465066
                                                                                                                                                Entropy (8bit):5.319654799734954
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:+1ZzO7mJZnRcE4ZzPtfcIQx89sQocTlqu:OZzC0nWE4hQxBW5/
                                                                                                                                                MD5:D38EA19CB1C529A5284F8C70E05601B2
                                                                                                                                                SHA1:54CAD7FA9CD399485056AD79A02AFCF90D25CB9B
                                                                                                                                                SHA-256:B2D6777CEA095DB001D5F8D861C6889DD9618B1365DA6CAC866DA82F514ACF4E
                                                                                                                                                SHA-512:8AFF259DE73A9440D61AD095CF6E842372606B047DD1A54B1B23D11463467D34F57C24C139DC1BAE096D6C98B9D4FCF5E6625DB20A08FCEA3A11298F338740A8
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........]%..e.d...g.l...h.q...i.y...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....|."...}.4.....<.....A.....I.....Q.....Y.....`.....g.....n.....o.....p.....u.............................Y...........+.....G.................:.....J...........(.....i.................V.......................^.......................S.......................X.................'.......................H.......................%.....y.......................q.................0.......................W.............................l.......................?.....f.....r...........9.....s.................A.....v.................7.....i.....s...........%.....U.....^.................K.....V...........9.....~.................:....._.....w.................>.....X................. .....1.......................8.............................M.......................]...................................W.....e...........4.....o.................A.....o.....|.................3.....C.............

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\nb.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):455316
                                                                                                                                                Entropy (8bit):5.4739564830342475
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:2rl6DGqTc8jrGw6yyMrr+8f1SLqxs/Pryi6x1xljtCM:2rEDo8jrL6f8f1SmxMPnExljtCM
                                                                                                                                                MD5:B91F4826DC081EBC7791FB0837EF3A4F
                                                                                                                                                SHA1:7D00E2D5661E55A935236F52540ADC85DA433EF2
                                                                                                                                                SHA-256:3C787E535389FADD70ADB97E275A6C53850CCC09CBFEA15B8BB7EB9B35DF56F4
                                                                                                                                                SHA-512:698318CD1F911B4B44735BDA618CBF7010FE2ED32A69FEAE8D2636B46D72BFB6D3A4608D89D5AD93FC9C73A633A8887E7B35887CED65F8EA741B6AF98AAEFC62
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........Y%..e.\...g.d...h.i...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.#...|.)...}.;.....C.....H.....P.....X.....`.....g.....n.....u.....v.....w.....y.............................Z...........M.....b...........+.....d.....w.............................W.......................X.......................F.......................G.......................s.................;...........H.................".......................^...........#.....=...........].......................h.......................=.....b.....r........... .....E.....U.................T.....h...........(.....V.....f.................`.....p...........#.....L.....\.................H.....V...........@.......................N.....t.................2.....Q.....j.................9.....K...........8.....w.................b.......................n.................$.....u.................2...................................E.....n...........6 ....b ....u ..... .....!.....!....<!.....!....."

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\nl.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):468815
                                                                                                                                                Entropy (8bit):5.414013572567173
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:wge90JwO/GpXgcoQ6oTcRP65XDpIK4m/ucy:q0JwO/GpXgconoTcRS5TpIo/uB
                                                                                                                                                MD5:D2F3D7B4FA4AD57F773AE15EB3E70222
                                                                                                                                                SHA1:A1F217C981B38AC46CE18E4374374DE0FAB39997
                                                                                                                                                SHA-256:44E08FE6BF7F10DA6F94A81E7BB659A9238E5988E1907C34B999353FD07DAE21
                                                                                                                                                SHA-512:13B00CE1496BB2C1FB2CA26385FCCE612FF11BFA28FE8B59798DFBEEE9E60AFCFB59549BE0707C5C6FAC8BBBA1D97B1697C234CEA7A1E85EA74E0E93C3677431
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........m%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.#...w.0...y.6...z.E...|.K...}.].....e.....j.....r.....z.......................................................................r...........<.....Q........... .....].....q...........X.........................................!.....x.......................\.......................j.................:.......................Q.......................Z.......................|.........../.....E...........9.......................<.....`.....t.................3.....A....................... ......................./.............................l.......................I.......................6.......................I.......................k.......................\.......................?.......................C......................._.......................A.......................`...................................m.....~...........l.................@.......................7.......................% ....}

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\pl.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):514993
                                                                                                                                                Entropy (8bit):5.7844368274597
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:AmtOK56Qa4eCQ08WoOBCEtfQfM6HCOb6/PQCUd79e3mFR/TYYdeMsucZr1iguIw:99lrJDMt
                                                                                                                                                MD5:AEAD81008645D092C0D4498C845D7A5B
                                                                                                                                                SHA1:A1B1CCF4250C20234C8D48A681666C77646FCA4A
                                                                                                                                                SHA-256:8D767C47DB1494BC90A7B98E98680DD60B246636275032E5EC00C119E9595F8E
                                                                                                                                                SHA-512:E0D5A15A57A08E70BA0181C95292920D740A6117E244C9BC7BD2160729A04E1DCD118A9D40CB23C4C95B442460EB0CE86C5E7DDE86F1A71CA1687DE7C2B67A83
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........[%..e.`...g.h...h.m...i.~...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.....|.%...}.7.....?.....D.....L.....T.....\.....c.....j.....q.....r.....s.....u.............................d..........._.....{...........I.................(.......................u.................*...............................................0.................=.....c...........Y.................6.......................L.......................x...........<.....X...........i.................E.............................Q.....t.......................8.....F.................H.....\.................J.....\.................B.....R.................).....9.................).....:...........$.....q.................#.....@.....W.................!.....G.................7.....L.................m.................7.....U.....l.................E.....a...........>................. ...................................3.....^............ ....E ....V ..... ..... .....!.....!.....!.....!

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\pt-BR.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):490961
                                                                                                                                                Entropy (8bit):5.462948787832137
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:NKT/ngth9TSzp8XR6BJv2cQ74WesRYcTzINBXBLTUpnDk/eds7:NigdXRosceesRRTy
                                                                                                                                                MD5:3BA421A36A38A2596C3EE23161D602BF
                                                                                                                                                SHA1:62D09596040F1B59AD0CB786A7B26166F4F57503
                                                                                                                                                SHA-256:23FFC508EF4C74DBECFD2EABFB74B48AEF082C51B0B436F83C7553EC4CECE580
                                                                                                                                                SHA-512:1E1E0616578D4BB4ACD4508B69784EA8E033A030A4EC4D4148D2603E7D27A9B953EE385AD9C128486C261BCA3124B780D4C6C08A03F7F55776C84CD28AD5964D
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........p%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.)...w.6...y.<...z.K...|.Q...}.c.....k.....p.....x.........................................................................................x.................[.................7...........#.....@.................?.....T.................$.....4.......................,........... .....f...................................f.................#.................(.....<...........*.....w...........".......................a.......................A.......................?.......................B.......................E.......................'.....{.......................U.......................J.........................................L.............................g.................>.....i.................z.................^.......................d.........................................i...........=.....S...........T.................- ....{ ..... ..... .....!....S!....y!.....!....."....f"....."....."

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\pt-PT.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):496752
                                                                                                                                                Entropy (8bit):5.441144108166814
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:IsacpqKed3ar/HSSREbKdB4JVJJxhcXNa7o54Cm:EPKekrPSSREfR
                                                                                                                                                MD5:753B1B692756F0FE53B6DEDE8D1888CE
                                                                                                                                                SHA1:B094C3487235C313339E83F008F0B75FAC7765D6
                                                                                                                                                SHA-256:EF8114B2580AA4E7B521874314A41F2976F25B4C0386AD60913611111B5CB7AB
                                                                                                                                                SHA-512:8FBF6A429265817FFE1A986F761FF51A92949B780155ED206623292081AAB3B191DED036F47CAAE8A41009B62720B802179E52C3ECC84B802EADB66E53D08859
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.....g.....h.....i.....j.....k.....l.....n.....o.!...p.....q.4...r.@...s.Q...t.Z...v.o...w.|...y.....z.....|.....}.....................................................................................&.....8...........L.................*.......................y...........Y.....t..........._.......................j.......................K.....x.................x.................^.................6.................O.....\.................[.....k...........=.........................................i.......................T.......................L.......................\.......................d.......................O.......................(.....~.......................l.................".......................L.......................$.....d.....~.................S.......................s.................B.......................#.....s.........................................m...........H.....`...........P.................5 ..... ..... ..... ....D!.....!.....!.....!....7"....."

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\ro.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):509817
                                                                                                                                                Entropy (8bit):5.49849407979343
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:EPdYjuEEcVjt7NgMs2bh61buj6rXEZK4N8AZqhYpGWKHCAuwooUL:ECyEBVhN1h6DrX3S8AEupG/HwJo2
                                                                                                                                                MD5:005A99E11F7476A646A3DC3BCCE7A584
                                                                                                                                                SHA1:2ABC00C2EE2A8BDC70110C582535C47AFD4B3F4A
                                                                                                                                                SHA-256:0E451350162A38118281FFF76BBDD3CD12A3B5A04EC8B3EAA259AFABF312E687
                                                                                                                                                SHA-512:B72DAFCC5183ADF310F36DA0A13AED24C88CED9227484DDDDA8CBEB851CDB1B0C2B53D547D178841AC8455A283109FE423C55594769A7DE49B2834C8ECDBFA8D
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........}%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.#...t.,...v.A...w.N...y.T...z.c...|.i...}.{...........................................................................................................p.................K.................%...................................;.....Z.................0.....<.........................................9.....j...........X.................5.......................g.......................~........... .....:...........J.................%.....l.......................=.....b.....v.................;.....K.................6.....K.................-.....B....................... .....p.......................O.......................j...........2.....L.............................n.......................m...................................3.....s.................%.....;.................R.....m...........1.....q...................................x...........&.....N...........$ ....] ....u ..... .....!....7!....M!.....!....3"

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\ru.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):812569
                                                                                                                                                Entropy (8bit):4.945155816034797
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:IGlU9XBlJfQjRo4YVepEaX+jhvYDfcwwgfhdxDkDtTKAYK2T5rqnjfRQjIvj3jDe:IGlUHlk56HlI
                                                                                                                                                MD5:056C018007AD175D0CDF09C405309A20
                                                                                                                                                SHA1:DED584292EE8F9E468F9352BA75AD1FE6285A1A5
                                                                                                                                                SHA-256:F8FA2BA7A9FD9F64BA80C6CB3CDE2CCB72D3823081037AFA50CEAB9880F479BE
                                                                                                                                                SHA-512:78D38FD514BC7BFCC8D0A7FB109D2B9AA509FF05428DC2E09F6E2758EAE14BF0E69EA6CCA1F59DA85FEE099884A18897E235077CDEBF46F9CC4147ADC62437B5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........$|.e.~...g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.*...y.0...z.?...|.E...}.W....._.....d.....l.....t.....|........................................................... .................&.....E.........................................6.....d...........r.......................N.................+.....}.......................#.....~.................p...........1...........}.......................<.................i.....7............................._...........0...................................0.....O...........<.....m...............................................m...................................o.................:.................X.....q...... ....N!.....!.....!....."....."....*#....N#.....#.....$....F$....a$.....$....|%.....%.....&.....'.....'.....'....g(.....(....N)....v).....)....;*.....*.....*....2+.....+....o,.....,.....-.....-.........../....4/....?0.....1.....1.....1.....2.....3....E3....d3.....3....]4.....4.....4.....5....:6

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\sk.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):515841
                                                                                                                                                Entropy (8bit):5.8288592928168645
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:Lf3JM+wEc0amAgCb7HBoh55fLwxdjJ6VcGyJXIk6BCle2cFBt4Ds:Lf3++dcD9FvHBozlLwxd9seXIk6xvt4Y
                                                                                                                                                MD5:1C8221907D216D783B70D3C3C0A2D77A
                                                                                                                                                SHA1:D2DC893FC7109DC4560869BB6BD8CE9102FE279C
                                                                                                                                                SHA-256:5CF9F0D880DEEA644A6BADA0FCD46C8B695F5194A0D85AE06B6468F064080631
                                                                                                                                                SHA-512:9F03754615D5B47B732C797703B3B1EA43E8E35E2248AA251DFE7072A02C70198D2ABDCBF6F3E71A7C2F52BF6713D0E0B7E75F31FA50906FF3101018CDD1DD35
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........t%..e.....g.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.4...w.A...y.G...z.V...|.\...}.n.....v.....{.........................................................................................R.................V.............................%.....t................._.......................~.......................y.................5...................................P.....s...........j.................0.......................t.................E...........j.................8.....................................................{.........................................R.......................g.......................x...........&.....9.................E.....X...........r.................'.....u.......................Y.....u.................T.................,.......................n.......................r...................................?.....Y............ ..... .....!.....!.....!....7"....X"....."....)#....X#....l#.....#.....$....=$....Q$.....$....H%

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\sr.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):761766
                                                                                                                                                Entropy (8bit):4.890722517206804
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:dVvHT/9jexqeumgG37m8/k/nZ57LrXZasIfG+10B4snQgkCvCeeD74DMXWvAbvX:b93nbe
                                                                                                                                                MD5:0EC6F31A25588AD019FF0CCAD579E876
                                                                                                                                                SHA1:56768A15DD92532FD9EFECEBF106E567FD010A18
                                                                                                                                                SHA-256:6C784E3E3F95F970B3901B41F8114A411DBA3FEE6671F02AB5EC87502373895C
                                                                                                                                                SHA-512:1D37E60F41EB89E5FE5161207C98F1923C6637658001011B7F07990EFA3B9E4242EB34C0EA1074A7B7288DBFD64400B6DDE1D80AD91B6AF1AE0C69688FA59C78
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.........%..e.....g.....h.....i.....j.....k.....l.....n.&...o.+...p.8...q.>...r.J...s.[...t.d...v.y...w.....y.....z.....|.....}...............................................................................@.....e.................D.......................a.............................J.....~.....U...........o...........K...........&.....E...........H.................x...........g.................`...........-...................................h...................................?.....K.....#.............................8.....Z..........._.................H.............................q.......................+.....y...........2 ..... ..... .....!.....!....3"....x"....."....?#.....#.....$....9$.....%.....%....0&....Z&.....&....`'.....'.....'...._(.....(.....)....;).....).....*.....*.....*.....+....J,.....,.....-.....-..........F.....s.....5/...../.....0....C0...."1.....1....#2....T2....A3.....4.....4.....4.....5....\6.....6.....7.....7....[8.....8.....8....Y9.....9.....:.....:.....:.....;

                                                                                                                                                C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\localization\sv.pak

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):460956
                                                                                                                                                Entropy (8bit):5.577281591773483
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:LyYzXk8Bn6V9l0p6zigMFIp4gfaVvZWtFi1cVKUI16wxg7mpO6Un/4i054nQUnBS:mYzVp6zt55W
                                                                                                                                                MD5:2B3638E67085D8280EC7ACB3E2F77AAA
                                                                                                                                                SHA1:925A502688A8235D6EE9F43E543E87E1EA9D466B
                                                                                                                                                SHA-256:CB98C2EE6C18D69310752F2223C626B445F80B1435C37247D26579DEB14E0292
                                                                                                                                                SHA-512:79B60208B4A80CFC4D2D47A9B8366397EC591A57215E95A5770D655D3CCABE17618165BB157B7F1D77B1F50DA67EC311EA3BD091241AAFE0375DAB1895C84B41
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:........`%..e.j...g.r...h.w...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.....w.....y.....z.+...|.1...}.C.....K.....P.....X.....`.....h.....o.....v.....}.....~.........................................S.................4.................E.....V...........U.................*.......................7.......................7.......................Q...................................G.....g...........".....P....._...........=.....{...............................................q.................3.....R.....e.................9.....G.......................'.......................@.................).....8.......................'.............................w...................................*.....?.......................#.....p.......................B.......................:.......................g.......................V.......................T.......................o...........Q.....e...........Q.......................~.................. ....[ ....y ..... ..... ....E!

                                                                                                                                                Static File Info

                                                                                                                                                General

                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Entropy (8bit):7.609503436410413
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                • InstallShield setup (43055/19) 0.42%
                                                                                                                                                • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                File name:SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
                                                                                                                                                File size:2'182'176 bytes
                                                                                                                                                MD5:dbb69ee00786bed3e12a04518e0f469a
                                                                                                                                                SHA1:40a82d88b06e6be8ba82fab34b4a29305466202a
                                                                                                                                                SHA256:dbc32537a29f5eba5406aa3f2ae409eb52ea904e76c19a74bfb480a8c8c63d69
                                                                                                                                                SHA512:e367614faeebe4af063634b911c3591c7c5b0e8c07a843753d809ce27c050b298ec5d1777ab2aa7c194810a45e4788ea98e93bf5b053beb375f8cc5a65cbcfae
                                                                                                                                                SSDEEP:24576:Y7FUDowAyrTVE3U5F/E3dwMzD3mseUwgjvKwX901alI4qKxKic6QL3E2vVsjECUG:YBuZrEU8FTleUTKae2KIy029s4C1eH92
                                                                                                                                                TLSH:4CA5DF3FF268A13EC5AA1B3205B39310997BBA51A81A8C1F47FC344DCF765601E3B656
                                                                                                                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                File Icon

                                                                                                                                                Icon Hash:0c0c2d33ceec80aa

                                                                                                                                                Static PE Info

                                                                                                                                                General

                                                                                                                                                Entrypoint:0x4b5eec
                                                                                                                                                Entrypoint Section:.itext
                                                                                                                                                Digitally signed:true
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                Time Stamp:0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:6
                                                                                                                                                OS Version Minor:1
                                                                                                                                                File Version Major:6
                                                                                                                                                File Version Minor:1
                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                Import Hash:e569e6f445d32ba23766ad67d1e3787f

                                                                                                                                                Authenticode Signature

                                                                                                                                                Signature Valid:true
                                                                                                                                                Signature Issuer:CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                Error Number:0
                                                                                                                                                Not Before, Not After
                                                                                                                                                • 22/09/2023 14:18:31 03/12/2024 13:05:00
                                                                                                                                                Subject Chain
                                                                                                                                                • CN=OOO NBZ, O=OOO NBZ, L=Saint Petersburg, S=Saint Petersburg, C=RU
                                                                                                                                                Version:3
                                                                                                                                                Thumbprint MD5:644D93EB2A924788DC9F5A261B15A128
                                                                                                                                                Thumbprint SHA-1:8FF463CEC205068C449EBE08BC5EADB1E8BEF78D
                                                                                                                                                Thumbprint SHA-256:A0C6E99ECA1E36FBCEE4434A33A8862414BE13C68E7464DAE8CB84914EEF564E
                                                                                                                                                Serial:01181B5DC7EF7467C6035C60

                                                                                                                                                Entrypoint Preview

                                                                                                                                                Instruction
                                                                                                                                                push ebp
                                                                                                                                                mov ebp, esp
                                                                                                                                                add esp, FFFFFFA4h
                                                                                                                                                push ebx
                                                                                                                                                push esi
                                                                                                                                                push edi
                                                                                                                                                xor eax, eax
                                                                                                                                                mov dword ptr [ebp-3Ch], eax
                                                                                                                                                mov dword ptr [ebp-40h], eax
                                                                                                                                                mov dword ptr [ebp-5Ch], eax
                                                                                                                                                mov dword ptr [ebp-30h], eax
                                                                                                                                                mov dword ptr [ebp-38h], eax
                                                                                                                                                mov dword ptr [ebp-34h], eax
                                                                                                                                                mov dword ptr [ebp-2Ch], eax
                                                                                                                                                mov dword ptr [ebp-28h], eax
                                                                                                                                                mov dword ptr [ebp-14h], eax
                                                                                                                                                mov eax, 004B14B8h
                                                                                                                                                call 00007FCB60EC7115h
                                                                                                                                                xor eax, eax
                                                                                                                                                push ebp
                                                                                                                                                push 004B65E2h
                                                                                                                                                push dword ptr fs:[eax]
                                                                                                                                                mov dword ptr fs:[eax], esp
                                                                                                                                                xor edx, edx
                                                                                                                                                push ebp
                                                                                                                                                push 004B659Eh
                                                                                                                                                push dword ptr fs:[edx]
                                                                                                                                                mov dword ptr fs:[edx], esp
                                                                                                                                                mov eax, dword ptr [004BE634h]
                                                                                                                                                call 00007FCB60F69C07h
                                                                                                                                                call 00007FCB60F6975Ah
                                                                                                                                                lea edx, dword ptr [ebp-14h]
                                                                                                                                                xor eax, eax
                                                                                                                                                call 00007FCB60EDCBB4h
                                                                                                                                                mov edx, dword ptr [ebp-14h]
                                                                                                                                                mov eax, 004C1D84h
                                                                                                                                                call 00007FCB60EC1D07h
                                                                                                                                                push 00000002h
                                                                                                                                                push 00000000h
                                                                                                                                                push 00000001h
                                                                                                                                                mov ecx, dword ptr [004C1D84h]
                                                                                                                                                mov dl, 01h
                                                                                                                                                mov eax, dword ptr [004238ECh]
                                                                                                                                                call 00007FCB60EDDD37h
                                                                                                                                                mov dword ptr [004C1D88h], eax
                                                                                                                                                xor edx, edx
                                                                                                                                                push ebp
                                                                                                                                                push 004B654Ah
                                                                                                                                                push dword ptr fs:[edx]
                                                                                                                                                mov dword ptr fs:[edx], esp
                                                                                                                                                call 00007FCB60F69C8Fh
                                                                                                                                                mov dword ptr [004C1D90h], eax
                                                                                                                                                mov eax, dword ptr [004C1D90h]
                                                                                                                                                cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                jne 00007FCB60F6FEAAh
                                                                                                                                                mov eax, dword ptr [004C1D90h]
                                                                                                                                                mov edx, 00000028h
                                                                                                                                                call 00007FCB60EDE62Ch
                                                                                                                                                mov edx, dword ptr [004C1D90h]

                                                                                                                                                Data Directories

                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xfdc.idata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x11000.rsrc
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x2109000x4320
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0xc22f40x254.idata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                Sections

                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                .text0x10000xb39e40xb3a0043af0a9476ca224d8e8461f1e22c94daFalse0.34525867693110646data6.357635049994181IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                .itext0xb50000x16880x1800185e04b9a1f554e31f7f848515dc890cFalse0.54443359375data5.971425428435973IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                .data0xb70000x37a40x3800cab2107c933b696aa5cf0cc6c3fd3980False0.36097935267857145data5.048648594372454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                .idata0xc20000xfdc0x1000e7d1635e2624b124cfdce6c360ac21cdFalse0.3798828125data5.029087481102678IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                .didata0xc30000x1a40x2008ced971d8a7705c98b173e255d8c9aa7False0.345703125data2.7509822285969876IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                .edata0xc40000x9a0x2008d4e1e508031afe235bf121c80fd7d5fFalse0.2578125data1.877162954504408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                .rsrc0xc70000x110000x110007f89b554871894884a2a46b5f7d43d5aFalse0.18597771139705882data3.6934546558404633IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                Resources

                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                RT_ICON0xc76780xa68Device independent bitmap graphic, 64 x 128 x 4, image size 2048EnglishUnited States0.1174924924924925
                                                                                                                                                RT_ICON0xc80e00x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.15792682926829268
                                                                                                                                                RT_ICON0xc87480x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.23387096774193547
                                                                                                                                                RT_ICON0xc8a300x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.39864864864864863
                                                                                                                                                RT_ICON0xc8b580x1628Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colorsEnglishUnited States0.08339210155148095
                                                                                                                                                RT_ICON0xca1800xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.1023454157782516
                                                                                                                                                RT_ICON0xcb0280x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.10649819494584838
                                                                                                                                                RT_ICON0xcb8d00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.10838150289017341
                                                                                                                                                RT_ICON0xcbe380x12e5PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8712011577424024
                                                                                                                                                RT_ICON0xcd1200x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.05668398677373642
                                                                                                                                                RT_ICON0xd13480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.08475103734439834
                                                                                                                                                RT_ICON0xd38f00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.09920262664165103
                                                                                                                                                RT_ICON0xd49980x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2047872340425532
                                                                                                                                                RT_STRING0xd4e000x360data0.34375
                                                                                                                                                RT_STRING0xd51600x260data0.3256578947368421
                                                                                                                                                RT_STRING0xd53c00x45cdata0.4068100358422939
                                                                                                                                                RT_STRING0xd581c0x40cdata0.3754826254826255
                                                                                                                                                RT_STRING0xd5c280x2d4data0.39226519337016574
                                                                                                                                                RT_STRING0xd5efc0xb8data0.6467391304347826
                                                                                                                                                RT_STRING0xd5fb40x9cdata0.6410256410256411
                                                                                                                                                RT_STRING0xd60500x374data0.4230769230769231
                                                                                                                                                RT_STRING0xd63c40x398data0.3358695652173913
                                                                                                                                                RT_STRING0xd675c0x368data0.3795871559633027
                                                                                                                                                RT_STRING0xd6ac40x2a4data0.4275147928994083
                                                                                                                                                RT_RCDATA0xd6d680x10data1.5
                                                                                                                                                RT_RCDATA0xd6d780x2c4data0.6384180790960452
                                                                                                                                                RT_RCDATA0xd703c0x2cdata1.2045454545454546
                                                                                                                                                RT_GROUP_ICON0xd70680xbcdataEnglishUnited States0.6170212765957447
                                                                                                                                                RT_VERSION0xd71240x584dataEnglishUnited States0.26345609065155806
                                                                                                                                                RT_MANIFEST0xd76a80x7a8XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3377551020408163

                                                                                                                                                Imports

                                                                                                                                                DLLImport
                                                                                                                                                kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                                                                comctl32.dllInitCommonControls
                                                                                                                                                version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                                                user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                                                                oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                                                                netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                                                                advapi32.dllConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                                                                Exports

                                                                                                                                                NameOrdinalAddress
                                                                                                                                                TMethodImplementationIntercept30x4541a8
                                                                                                                                                __dbk_fcall_wrapper20x40d0a0
                                                                                                                                                dbkFCallWrapperAddr10x4be63c

                                                                                                                                                Possible Origin

                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                EnglishUnited States

                                                                                                                                                Network Behavior

                                                                                                                                                Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                Statistics

                                                                                                                                                Behavior

                                                                                                                                                Click to jump to process

                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Target ID:0
                                                                                                                                                Start time:19:35:14
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:2'182'176 bytes
                                                                                                                                                MD5 hash:DBB69EE00786BED3E12A04518E0F469A
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:1
                                                                                                                                                Start time:19:35:14
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-6G7J7.tmp\SecuriteInfo.com.Adware.Elemental.22.28512.27778.tmp" /SL5="$2040C,1055917,832512,C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.28512.27778.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:3'199'488 bytes
                                                                                                                                                MD5 hash:668D5368DEF8B65631C43EECBD50EA48
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:5
                                                                                                                                                Start time:19:35:50
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --silent --allusers=0
                                                                                                                                                Imagebase:0x1000000
                                                                                                                                                File size:3'581'600 bytes
                                                                                                                                                MD5 hash:1033B8A679409AAE694776CF2FDD3E8D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:6
                                                                                                                                                Start time:19:35:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x6bc5623c,0x6bc56248,0x6bc56254
                                                                                                                                                Imagebase:0x1000000
                                                                                                                                                File size:3'581'600 bytes
                                                                                                                                                MD5 hash:1033B8A679409AAE694776CF2FDD3E8D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:7
                                                                                                                                                Start time:19:35:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
                                                                                                                                                Imagebase:0x9e0000
                                                                                                                                                File size:3'581'600 bytes
                                                                                                                                                MD5 hash:1033B8A679409AAE694776CF2FDD3E8D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:8
                                                                                                                                                Start time:19:35:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5424 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240329193551" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000
                                                                                                                                                Imagebase:0x1000000
                                                                                                                                                File size:3'581'600 bytes
                                                                                                                                                MD5 hash:1033B8A679409AAE694776CF2FDD3E8D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:9
                                                                                                                                                Start time:19:35:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\is-U02B5.tmp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x6afc623c,0x6afc6248,0x6afc6254
                                                                                                                                                Imagebase:0x1000000
                                                                                                                                                File size:3'581'600 bytes
                                                                                                                                                MD5 hash:1033B8A679409AAE694776CF2FDD3E8D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:10
                                                                                                                                                Start time:19:36:12
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:1'499'104 bytes
                                                                                                                                                MD5 hash:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:11
                                                                                                                                                Start time:19:36:13
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --version
                                                                                                                                                Imagebase:0x2e0000
                                                                                                                                                File size:1'853'592 bytes
                                                                                                                                                MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:12
                                                                                                                                                Start time:19:36:13
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x494f48,0x494f58,0x494f64
                                                                                                                                                Imagebase:0x2e0000
                                                                                                                                                File size:1'853'592 bytes
                                                                                                                                                MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:14
                                                                                                                                                Start time:19:36:45
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --backend --initial-pid=5424 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403291935511" --session-guid=e8c1f83b-82a0-4cf5-8d29-c848e8638bca --server-tracking-blob=ZmUxNWFlNzQyYjk1NzA4ZTljODEyOGM4ZDY1NDg0M2YyNmVhN2MxNjg3MDQ5YmEyMGNjNzFjMzEyNjU5MGZjZTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNF8zNzQyJnV0bV9pZD04NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSZ1dG1fY29udGVudD0zNzQyX3NldHVwaW8iLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MzczMjMuMDMxNCIsInVzZXJhZ2VudCI6Iklubm8gU2V0dXAgNi4yLjIiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfUEI0XzM3NDIiLCJjb250ZW50IjoiMzc0Ml9zZXR1cGlvIiwiaWQiOiI4NmE3YmY5NzI1Yjk0NDYxYjMzYzMzMGM3ZTA5NDUwMSIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImU1ZWJhZDA2LTcxY2MtNDg4Ny1hOGRmLTdlYTdjNzkwMzhhYSJ9 --silent --desktopshortcut=1 --install-subfolder=107.0.5045.79
                                                                                                                                                Imagebase:0x7ff709740000
                                                                                                                                                File size:6'949'792 bytes
                                                                                                                                                MD5 hash:21AD4599ABD2E158DB5128F32D3CC4EE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                • Detection: 0%, Virustotal, Browse
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:15
                                                                                                                                                Start time:19:36:45
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x7ffdfb93d180,0x7ffdfb93d18c,0x7ffdfb93d198
                                                                                                                                                Imagebase:0x7ff709740000
                                                                                                                                                File size:6'949'792 bytes
                                                                                                                                                MD5 hash:21AD4599ABD2E158DB5128F32D3CC4EE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:18
                                                                                                                                                Start time:19:36:48
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                Imagebase:0x7ff72b770000
                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:19
                                                                                                                                                Start time:19:36:50
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:20
                                                                                                                                                Start time:19:36:50
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:21
                                                                                                                                                Start time:19:36:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:22
                                                                                                                                                Start time:19:36:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:23
                                                                                                                                                Start time:19:36:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:24
                                                                                                                                                Start time:19:36:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:25
                                                                                                                                                Start time:19:36:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:26
                                                                                                                                                Start time:19:36:51
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:27
                                                                                                                                                Start time:19:36:52
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:28
                                                                                                                                                Start time:19:36:52
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:29
                                                                                                                                                Start time:19:36:52
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
                                                                                                                                                Imagebase:0x7ff6ed480000
                                                                                                                                                File size:2'304'416 bytes
                                                                                                                                                MD5 hash:D737A64C835D918DBE53B2C7724488FF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:30
                                                                                                                                                Start time:19:36:52
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:31
                                                                                                                                                Start time:19:36:53
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0
                                                                                                                                                Imagebase:0x7ff6ed480000
                                                                                                                                                File size:2'304'416 bytes
                                                                                                                                                MD5 hash:D737A64C835D918DBE53B2C7724488FF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:32
                                                                                                                                                Start time:19:36:54
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_gx_splash.exe" --instance-name=0e78e69c624cbcf87c7f299659eb65c0
                                                                                                                                                Imagebase:0x7ff7e8be0000
                                                                                                                                                File size:2'231'200 bytes
                                                                                                                                                MD5 hash:706FE814240C22A6CB09FBF48CB86020
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:33
                                                                                                                                                Start time:19:36:55
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040
                                                                                                                                                Imagebase:0x7ff602c00000
                                                                                                                                                File size:1'508'256 bytes
                                                                                                                                                MD5 hash:F452A15BC7E4392149F6BB2675EAAA59
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:34
                                                                                                                                                Start time:19:36:56
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:35
                                                                                                                                                Start time:19:36:56
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:36
                                                                                                                                                Start time:19:36:56
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\107.0.5045.79\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.79 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffdf2ce9628,0x7ffdf2ce9638,0x7ffdf2ce9648
                                                                                                                                                Imagebase:0x7ff677700000
                                                                                                                                                File size:2'019'744 bytes
                                                                                                                                                MD5 hash:26DF88B2E68E23B60C0EEAB3E29496BB
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:37
                                                                                                                                                Start time:19:36:57
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:38
                                                                                                                                                Start time:19:36:57
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --ran-launcher --instance-name=0e78e69c624cbcf87c7f299659eb65c0 --splash-handle=1040 --lowered-browser
                                                                                                                                                Imagebase:0x7ff602c00000
                                                                                                                                                File size:1'508'256 bytes
                                                                                                                                                MD5 hash:F452A15BC7E4392149F6BB2675EAAA59
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:39
                                                                                                                                                Start time:19:36:57
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version
                                                                                                                                                Imagebase:0x7ff631f00000
                                                                                                                                                File size:6'949'792 bytes
                                                                                                                                                MD5 hash:21AD4599ABD2E158DB5128F32D3CC4EE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:40
                                                                                                                                                Start time:19:36:57
                                                                                                                                                Start date:29/03/2024
                                                                                                                                                Path:C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\jxonYJeoGHBcEBBtArQrvhEwKtVoDVDAGPqvUohUoVEGcPnsXlHYZHnvjNxJfSEodCXJXYDjNppAXMAN\rrcsBizXUHISSeck.exe"
                                                                                                                                                Imagebase:0x5a0000
                                                                                                                                                File size:140'800 bytes
                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                Disassembly

                                                                                                                                                No disassembly