Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe

Overview

General Information

Sample name: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Analysis ID: 1542661
MD5: dd700295c9b6ed7ad2962242a699915a
SHA1: 3120ce49211546057dbe9a5af85a29bc34960df6
SHA256: 58ffd6f76e096265ee9600b91fc453493cdda4545d8df939761b24f941947528
Tags: exe

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 63
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

AV Detection

Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe ReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Virustotal: Detection: 35%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.0% probability

Compliance

Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232814717.log
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232816125.log
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000002.4162875448.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000002.00000000.1819406096.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162590590.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000000.1822723889.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831197645.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000004.00000002.1834407152.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000002.4162695690.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000000.1835949486.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162699031.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000006.00000000.1839075688.00000000007C8000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdbIvcv Uv_CorExeMainmscoree.dll source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EA8D20 FindFirstFileW, 1_2_00EA8D20
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00ECFF9C FindFirstFileExW,FindNextFileW,FindClose,FindClose, 1_2_00ECFF9C

Networking

Source: Yara match File source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, type: SAMPLE
Source: Yara match File source: 0.0.SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe.8e0000.0.unpack, type: UNPACKEDPE
Source: Joe Sandbox View IP Address: 82.145.216.20
Source: Joe Sandbox View IP Address: 82.145.217.121
Source: Joe Sandbox View IP Address: 188.130.153.32
Source: Joe Sandbox View IP Address: 104.18.24.17
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: setup.exe, 00000006.00000002.4165080209.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000006.00000002.4166670373.000000003C214000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4165036788.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://crashstats-collector-2.opera.com/
Source: setup.exe, 00000003.00000002.4165394585.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.4166867459.000000004C614000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4165080209.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4166670373.000000003C214000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/--annotation=channel=Stable--annotation=plat=Win32--annotat
Source: setup.exe, 00000006.00000002.4165080209.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/--annotatp
Source: setup.exe, 00000003.00000002.4167794728.000000004C6A4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4167646845.000000003C2A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/--database=C:
Source: setup.exe, 00000003.00000002.4167794728.000000004C6A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/--initial-client-data=0x320
Source: setup.exe, 00000006.00000002.4167646845.000000003C2A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/--initial-client-data=0x340
Source: setup.exe, 00000003.00000002.4167512042.000000004C66C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4167385847.000000003C264000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/32--url=https://crashstats-collector-2.opera.com/
Source: setup.exe, 00000003.00000002.4167794728.000000004C6A4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.4167646845.000000003C2A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/https://crashstats-collector-2.opera.com/
Source: setup.exe, 00000006.00000002.4167385847.000000003C264000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/s
Source: setup.exe, 00000002.00000003.1848225453.000000000105E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/1x
Source: setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/5y
Source: setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/SysWOW64
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/d
Source: setup.exe, 00000002.00000003.1848225453.000000000105E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848225453.000000000108A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryT
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4164872783.00000000010D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryh
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryy
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/z
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/0
Source: setup.exe, 00000002.00000002.4169469456.000000002B626000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1847911951.00000000010BE000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
Source: setup.exe, 00000002.00000002.4170191233.000000002B67C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=10000
Source: setup.exe, 00000002.00000002.4170267335.000000002B68C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1pera
Source: setup.exe, 00000002.00000002.4170112555.000000002B678000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4171117599.000000002B718000.00000004.00001000.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.dr String found in binary or memory: https://download.opera.com/download/get/?id=68353&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_U
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: setup.exe, 00000002.00000002.4170484350.000000002B6B0000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4170535966.000000002B6B8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-2/1714144780-custom_partner_cont
Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download5.operacdn.com/
Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download5.operacdn.com/ftp/pub/opera_gx/114.0.5282.123/win/Opera_GX_114.0.5282.1
Source: setup.exe, 00000002.00000002.4170484350.000000002B6B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://download5.operacdn.com/ftp/pub/opera_gx/114.0.5282.123/win/Opera_GX_114.0.5282.123_Autoupdat
Source: setup.exe, 00000002.00000002.4168960721.0000000004980000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download5.operacdn.com/p
Source: setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://features.opera-api2.com/
Source: Opera_installer_2410260328142573128.dll.3.dr String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: setup.exe, 00000002.00000003.1878164849.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, opera_installer_20241025232814717.log.2.dr String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=701b5ff5-b736-4d66-a0
Source: setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://features.opera-api2.com/q
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://gamemaker.io
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://gamemaker.io)
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://gamemaker.io/en/education.
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://gamemaker.io/en/get.
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://help.instagram.com/581066165581870;
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://help.opera.com/latest/
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://legal.opera.com/eula/computers
Source: setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://legal.opera.com/privacy
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://legal.opera.com/privacy.
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://legal.opera.com/terms
Source: setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://legal.opera.com/terms.
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002F3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/opera_gx/stable/edition/std-2?utm_source=PWNgames&utm_medium=pa&utm_campai
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://opera.com/privacy
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://policies.google.com/terms;
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://redir.opera.com/uninstallsurvey/
Source: setup.exe, 00000002.00000002.4170848105.000000002B6F4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4171117599.000000002B718000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opg
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://sourcecode.opera.com
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://telegram.org/tos/
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://twitter.com/en/tos;
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002E9A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.az-partners.net
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: https://www.az-partners.net/s/3XgyP
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: https://www.az-partners.net/s/dPr71
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: https://www.az-partners.net/s/rXLVP
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: https://www.az-partners.net/s/rXLVPKO
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.az-partners.net/s/rXLVPcorlib
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002DE2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.az-partners.net/s/rXLVPlBfq
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: https://www.globalsign.com/repository/0
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://www.opera.com
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://www.opera.com..
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://www.opera.com/gx/
Source: Opera_installer_2410260328151326808.dll.4.dr String found in binary or memory: https://www.opera.com/privacy
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.savinist.com
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.savinist.com/77PRQFB/KMZXBTT/
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.savinist.com/77PRQFB/KMZXBTT/?sub1=opgx90
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4166284480.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.savinist.com/77PRQFB/KMZXBTT/d
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.whatsapp.com/legal;
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: String function: 00ED9103 appears 91 times
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: String function: 00EC13D0 appears 58 times
Source: setup.exe.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: setup.exe.2.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4164602573.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000000.1710715399.00000000008E2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameinstaller.exe4 vs SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Binary or memory string: OriginalFilenameinstaller.exe4 vs SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal42.troj.evad.winEXE@13/15@0/10
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 3_2_68B73A80 FormatMessageW,LocalFree,GetLastError, 3_2_68B73A80
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Roaming\Opera Software
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe File created: C:\Users\user\AppData\Local\Temp\Setup
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: Title 1_2_00EBEE57
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: BeginPrompt 1_2_00EBEE57
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: Progress 1_2_00EBEE57
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: yes 1_2_00EBEE57
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: RunProgram 1_2_00EBEE57
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: ExecuteFile 1_2_00EBEE57
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: InstallPath 1_2_00EBEE57
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Command line argument: %%T 1_2_00EBEE57
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe ReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Virustotal: Detection: 35%
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: I/installer;component/mainwindow.xaml
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe String found in binary or memory: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdbIvcv Uv_CorExeMainmscoree.dll
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Process created: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe" -silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe -silent --allusers=0 --server-tracking-blob=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
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe "C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=NDVlNzNlOGRkOGUxODFlNzY4MWE0NWMyMjc2MmI4MmFiMDFiMjYzMzQ0NWNjM2E1Y2UyMTg2OTA1Y2UzNWNhNDp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zODQ5JnV0bV9pZD1iYjVkMjdkNGRkZGY0ZmQ1OTU2NDQzODc0Y2QxYjUxMyZ1dG1fY29udGVudD0zODQ5X29wZ3g5MCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyOTkxMzI4OC45MjE0IiwidXNlcmFnZW50IjoiRHJpdmVySHViSW5zdGFsbGVyLzMuNC41IiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX1VTX1BCNV8zODQ5IiwiY29udGVudCI6IjM4NDlfb3BneDkwIiwiaWQiOiJiYjVkMjdkNGRkZGY0ZmQ1OTU2NDQzODc0Y2QxYjUxMyIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjExODhkM2YyLWUzOTYtNGE3Ny05NGI4LWNmMGQwYWYzMDExMyJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC05000000000000
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdb source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000002.4162875448.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000002.00000000.1819406096.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162590590.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000000.1822723889.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000004.00000000.1831197645.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000004.00000002.1834407152.00000000006B8000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000002.4162695690.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000000.1835949486.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4162699031.00000000007C8000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000006.00000000.1839075688.00000000007C8000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\Projects\misleading-installer\dynamic installer\obj\Release\installer.pdbIvcv Uv_CorExeMainmscoree.dll source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4162693969.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp, setup.exe, 00000004.00000000.1831251552.00000000006CA000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000005.00000000.1836004623.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000005.00000002.4165759347.0000000003010000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000006.00000002.4162907839.00000000007DA000.00000002.00000001.01000000.00000008.sdmp, Opera_installer_2410260328151326808.dll.4.dr
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: 0xEA7751BC [Thu Aug 26 19:10:52 2094 UTC]
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_69264D90 LoadLibraryW,GetProcAddress,CreateSemaphoreW, 2_2_69264D90
Source: OperaGXSetup.exe.0.dr Static PE information: real checksum: 0x32b459 should be: 0x330afd
Source: Opera_installer_2410260328139673260.dll.2.dr Static PE information: section name: .rodata
Source: Opera_installer_2410260328139673260.dll.2.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410260328139673260.dll.2.dr Static PE information: section name: malloc_h
Source: Opera_installer_2410260328142573128.dll.3.dr Static PE information: section name: .rodata
Source: Opera_installer_2410260328142573128.dll.3.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410260328142573128.dll.3.dr Static PE information: section name: malloc_h
Source: Opera_installer_2410260328151326808.dll.4.dr Static PE information: section name: .rodata
Source: Opera_installer_2410260328151326808.dll.4.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410260328151326808.dll.4.dr Static PE information: section name: malloc_h
Source: Opera_installer_241026032815625796.dll.5.dr Static PE information: section name: .rodata
Source: Opera_installer_241026032815625796.dll.5.dr Static PE information: section name: CPADinfo
Source: Opera_installer_241026032815625796.dll.5.dr Static PE information: section name: malloc_h
Source: Opera_installer_241026032815935792.dll.6.dr Static PE information: section name: .rodata
Source: Opera_installer_241026032815935792.dll.6.dr Static PE information: section name: CPADinfo
Source: Opera_installer_241026032815935792.dll.6.dr Static PE information: section name: malloc_h
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Code function: 0_2_00F32CB3 pushad ; iretd 0_2_00F32CC1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Code function: 0_2_00F30DE5 pushfd ; iretd 0_2_00F30DE9
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00ED90E0 push ecx; ret 1_2_00ED90F3
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00ED96C8 push ecx; ret 1_2_00ED96DD
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_692F2E7B push ecx; ret 2_2_692F2E8E
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 3_2_68B12E7B push ecx; ret 3_2_68B12E8E
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 5_2_684D2E7B push ecx; ret 5_2_684D2E8E
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 6_2_67EB2E7B push ecx; ret 6_2_67EB2E8E
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Static PE information: section name: .text entropy: 7.075629122694568
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe File created: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328142573128.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328139673260.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_114.0.5282.123_Autoupdate_x64[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815935792.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328151326808.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe File created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252328151\opera_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815625796.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232814717.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241025232816125.log Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Memory allocated: F10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Memory allocated: 2D70000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Memory allocated: 2BB0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_6926B0D0 rdtsc 2_2_6926B0D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599891 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599780 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599672 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599531 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599422 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599312 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599203 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 599094 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598984 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598875 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598766 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598641 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598516 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598406 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598296 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598188 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 598063 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597922 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597813 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597688 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597556 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597438 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597313 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597203 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 597094 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596969 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596859 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596750 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596641 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596531 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596422 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596313 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596188 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 596078 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595969 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595844 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595734 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595625 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595516 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595406 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595297 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595188 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 595063 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594953 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594843 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594734 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594624 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594514 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594406 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Window / User API: threadDelayed 8276 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Window / User API: threadDelayed 1559 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328142573128.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328139673260.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_114.0.5282.123_Autoupdate_x64[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815935792.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410260328151326808.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_241026032815625796.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410252328151\opera_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe API coverage: 7.9 %
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe API coverage: 7.4 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -29514790517935264s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599891s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4856 Thread sleep time: -1844674407370954s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599780s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599672s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599531s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599422s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599312s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599203s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -599094s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598984s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598875s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598766s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598641s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598516s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598406s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598296s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598188s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -598063s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597922s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597813s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597688s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597556s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597438s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597313s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597203s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -597094s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596969s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596859s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596750s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596641s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596531s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596422s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596313s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596188s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -596078s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595969s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595844s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595734s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595625s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595516s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595406s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595297s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595188s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -595063s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594953s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594843s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594734s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594624s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594514s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe TID: 4412 Thread sleep time: -594406s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe File Volume queried: C:\Users\user\AppData\Local\Temp\7zS4052A199 FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EA8D20 FindFirstFileW, 1_2_00EA8D20
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00ECFF9C FindFirstFileExW,FindNextFileW,FindClose,FindClose, 1_2_00ECFF9C
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EAA419 GetSystemInfo, 1_2_00EAA419
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594734 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594624 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594514 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Thread delayed: delay time: 594406 Jump to behavior
Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWt
Source: setup.exe, 00000002.00000002.4164872783.00000000010A1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4164872783.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000003.1848610472.00000000010A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe, 00000000.00000002.4164602573.000000000101E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_6926B0D0 rdtsc 2_2_6926B0D0
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC67CB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00EC67CB
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_69264D90 LoadLibraryW,GetProcAddress,CreateSemaphoreW, 2_2_69264D90
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00ED0FB7 GetProcessHeap, 1_2_00ED0FB7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC0D2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00EC0D2C
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC162A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00EC162A
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC17B7 SetUnhandledExceptionFilter, 1_2_00EC17B7
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_69305274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_69305274
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_692F2738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_692F2738
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 3_2_68B25274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_68B25274
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 3_2_68B12738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_68B12738
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 5_2_684E5274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 5_2_684E5274
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 5_2_684D2738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 5_2_684D2738
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 6_2_67EB2738 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_67EB2738
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 6_2_67EC5274 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_67EC5274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Process created: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe "C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe" -silent --allusers=0 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe "C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=FC05000000000000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe c:\users\user\appdata\local\temp\7zs4052a199\setup.exe -silent --allusers=0 --server-tracking-blob=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 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe c:\users\user\appdata\local\temp\7zs4052a199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x69478c5c,0x69478c68,0x69478c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe "c:\users\user\appdata\local\temp\7zs4052a199\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3260 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20241025232815" --session-guid=b3083e74-a52a-4920-aa0f-d32d81e99406 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=fc05000000000000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe c:\users\user\appdata\local\temp\7zs4052a199\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x340,0x344,0x348,0x308,0x34c,0x68658c5c,0x68658c68,0x68658c74 Jump to behavior
Source: setup.exe, 00000006.00000002.4169522959.0000000067F9C000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: gCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: OperaGXSetup.exe, 00000001.00000003.1814552874.00000000034D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.4166177103.0000000003020000.00000002.00000001.00040000.00000008.sdmp, setup.exe, 00000002.00000000.1819454363.00000000007DA000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: setup.exe, 00000003.00000002.4169268470.0000000068BFC000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: hCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: setup.exe, 00000002.00000002.4172397313.00000000693DC000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: iCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: setup.exe, 00000005.00000002.4171138400.00000000685BC000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: 7hCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC144A cpuid 1_2_00EC144A
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoEx,FormatMessageA, 1_2_00EC239E
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW, 1_2_00ECCA14
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW, 1_2_00ECCF23
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW, 1_2_00ED33C1
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW, 1_2_00ED33C3
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW, 1_2_00ED34A9
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: EnumSystemLocalesW, 1_2_00ED340E
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 1_2_00ED3534
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW, 1_2_00ED3787
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 1_2_00ED38B0
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetLocaleInfoW, 1_2_00ED39B6
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 1_2_00ED3A8C
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 2_2_69316910
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 2_2_693169B7
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 2_2_693129ED
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 2_2_693168C5
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 2_2_69316237
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 2_2_69316ABD
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 2_2_69316530
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 2_2_693124AC
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 2_2_69316488
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 2_2_69316783
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 2_2_693167F0
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 3_2_68B368C5
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 3_2_68B369B7
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 3_2_68B329ED
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 3_2_68B36910
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 3_2_68B36ABD
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 3_2_68B36237
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 3_2_68B324AC
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 3_2_68B36488
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 3_2_68B36530
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 3_2_68B36783
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 3_2_68B367F0
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 5_2_684F68C5
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 5_2_684F6910
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 5_2_684F29ED
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 5_2_684F69B7
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 5_2_684F6237
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 5_2_684F6ABD
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 5_2_684F6488
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 5_2_684F24AC
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 5_2_684F6530
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 5_2_684F67F0
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 5_2_684F6783
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 6_2_67ED67F0
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 6_2_67ED6783
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 6_2_67ED6530
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 6_2_67ED24AC
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 6_2_67ED6488
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 6_2_67ED6ABD
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 6_2_67ED6237
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 6_2_67ED29ED
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 6_2_67ED69B7
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: GetLocaleInfoW, 6_2_67ED6910
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: EnumSystemLocalesW, 6_2_67ED68C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EC1821 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 1_2_00EC1821
Source: C:\Users\user\AppData\Local\Temp\7zS4052A199\setup.exe Code function: 2_2_693092BA GetTimeZoneInformation, 2_2_693092BA
Source: C:\Users\user\AppData\Local\Temp\Setup\OperaGXSetup.exe Code function: 1_2_00EA1C57 GetVersion,GetModuleHandleW,GetProcAddress,GetSystemDirectoryW,LoadLibraryExW, 1_2_00EA1C57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior