Windows Analysis Report
SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe

Overview

General Information

Sample name: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe
Analysis ID: 1544572
MD5: 2a3b7cf9d36c8e04db084638fd066ad5
SHA1: 6e25322226e38e6e921cfacb631556cf66dd5b06
SHA256: 1e5bc37886c1983546bcd39efce0d4bd05b88f57da45686b48a375676c43bc4e
Tags: exe
Infos:

Detection

Score: 34
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 49
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Found direct / indirect Syscall (likely to bypass EDR)
Installs a global event hook (focus changed)
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to download and execute PE files
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Tries to disable installed Antivirus / HIPS / PFW
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match
query blbeacon for getting browser version

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe ReversingLabs: Detection: 36%
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_d3e9229a-c
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_autoupdate.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_gx_splash.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\launcher.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\notification_helper.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer_helper_64.exe Jump to behavior

Compliance
barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_autoupdate.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_gx_splash.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\launcher.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\notification_helper.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe EXE: opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe EXE: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer_helper_64.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 114.0.5282.123
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241029103711306.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241029103713177.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20241029103753.log Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241029103832254.log
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000D.00000000.2699731841.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000D.00000002.2701948120.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000002.2702702953.0000000000385000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 0000001C.00000000.3147832863.00007FF627F7B000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3258373442.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000000.2268937215.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276417846.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000000.2272096796.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000000.2277827487.0000000000738000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000006.00000002.2281279697.0000000000738000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287434715.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000002.3218691525.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000000.2291188941.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227479724.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215572174.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000000.3078708913.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000002.3221323048.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081813108.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EwdhIsAfAL.exe, 00000013.00000000.3134208758.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000015.00000000.3136135528.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000016.00000000.3137495821.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000017.00000000.3138835530.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000018.00000000.3139903179.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000019.00000000.3140958934.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 0000001A.00000000.3142098587.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 0000001B.00000000.3145686226.000000000011E000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\OperaGXInstaller\Build-x64-Release\OperaGXInstaller.pdb source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2263364502.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000000.2164793741.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_autoupdate.exe.pdb source: installer.exe, 0000000F.00000003.3089669286.0000025C726A5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\OperaGXInstaller\Build-x64-Release\OperaGXInstaller.pdb source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2263364502.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000000.2164793741.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000D.00000000.2699731841.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000D.00000002.2701948120.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000002.2702702953.0000000000385000.00000002.00000001.01000000.00000011.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC59394 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF73CC59394
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D08D20 FindFirstFileW, 3_2_00D08D20
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D2FEEB FindFirstFileExW, 3_2_00D2FEEB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime, 12_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z, 12_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00259120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 13_2_00259120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002E9AE2 FindFirstFileExW, 13_2_002E9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00259120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 14_2_00259120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002E9AE2 FindFirstFileExW, 14_2_002E9AE2
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\Programs\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437126772788.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\done Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\ Jump to behavior
Contains functionality to download and execute PE files
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC42FA0 SHGetFolderPathW,SHCreateDirectoryExW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,URLDownloadToFileW,ShellExecuteW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF73CC42FA0
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 82.145.217.121 82.145.217.121
Source: Joe Sandbox View IP Address: 82.145.216.20 82.145.216.20
Source: Joe Sandbox View IP Address: 82.145.216.19 82.145.216.19
Source: Joe Sandbox View IP Address: 185.26.182.111 185.26.182.111
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC42FA0 SHGetFolderPathW,SHCreateDirectoryExW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,URLDownloadToFileW,ShellExecuteW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF73CC42FA0
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "favicon_url": "https://www.rambler.ru/favicon.ico", equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: "favicon_url": "https://www.yahoo.co.jp/favicon.ico", equals www.yahoo.com (Yahoo)
Source: installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEDD000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2268290561.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: setup.exe, 00000004.00000003.3253008231.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.3107242903.000000000978C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685766507.000000000489A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEDD000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000F94000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000F94000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: setup.exe, 00000004.00000003.2620618184.00000000048C1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620932026.00000000048C2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com:80/DigiCertTrustedRootG4.crt
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2253117026.000002269FEDF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEC5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2261697080.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2262600325.000002269FEE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325593647.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2301124369.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2342212159.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517944427.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2314345754.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0.
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEDD000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2268290561.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.3107242903.000000000978C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685766507.000000000489A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEDD000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000F94000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: setup.exe, 00000004.00000003.3253008231.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.3107242903.000000000978C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685766507.000000000489A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: setup.exe, 00000004.00000003.3253008231.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://localhost:3001api/prefs/?product=$1&version=$2..
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685766507.000000000489A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.3107242903.000000000978C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000F94000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEDD000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2268290561.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: setup.exe, 00000004.00000003.3253008231.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0H
Source: setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0I
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEDD000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621127258.000000003FA98000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000F94000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3089772603.0000025C72693000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000002.3221950586.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000012.00000000.3107242903.000000000962B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2253117026.000002269FEDF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEC5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2261697080.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2262600325.000002269FEE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325593647.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2301124369.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2342212159.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517944427.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2314345754.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: explorer.exe, 00000012.00000000.3105831810.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.3105794816.0000000007B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.3094263658.00000000028A0000.00000002.00000001.00040000.00000000.sdmp String found in binary or memory: http://schemas.micro
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2253117026.000002269FEDF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEC5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2261697080.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEBC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2262600325.000002269FEE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325593647.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2301124369.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2342212159.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517944427.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2314345754.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685766507.000000000489A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: setup.exe, 00000004.00000003.3252788304.0000000004899000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3271500365.000000000489C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2621165504.000000003F94C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685766507.000000000489A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732108738.0000000004899000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opera.com
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250168257.000002269FED3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250348085.000002269FEDD000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263897451.0000000004300000.00000004.00001000.00020000.00000000.sdmp, OperaGXInstaller.exe, 00000003.00000003.2263705690.0000000004180000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000F86000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2275615984.000000000393C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5D38000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000003.3086179334.0000025C70DD1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opera.com0
Source: setup.exe, 00000004.00000002.3271367338.0000000004880000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opera.comq
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opera.comx
Source: opera.exe, 0000001C.00000002.3190948892.00000262B4FC0000.00000002.00000001.00040000.0000001C.sdmp String found in binary or memory: http://www.unicode.org/copyright.html
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ac.duckduckgo.com/ac/?q=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://accounts.spotify.com/
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://accounts.youtube.com
Source: explorer.exe, 00000012.00000000.3107242903.00000000099AB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: explorer.exe, 00000012.00000000.3110957749.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://android.notify.windows.com/iOS
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.browser.yandex.ua/suggest/get?part=
Source: setup.exe, 00000004.00000003.2342212159.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325593647.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.config.opr.gg/
Source: setup.exe, 00000004.00000003.2620394310.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2342212159.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325593647.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517861970.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.config.opr.gg/0
Source: setup.exe, 00000004.00000003.2620394310.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2342212159.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325593647.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517861970.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.config.opr.gg/8
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://api.config.opr.gg/v0/config
Source: setup.exe, 00000004.00000003.2517760672.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.config.opr.gg/v0/config?utm_campaign=ogx&utm_medium=pb&utm_source=OFT&product=gx&channel
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://api.config.opr.gg/v0/configeditionutm_campaign=%s&utm_medium=%s&utm_source=%s&product=%s&cha
Source: explorer.exe, 00000012.00000000.3107242903.000000000962B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000012.00000000.3107242903.000000000962B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/I
Source: explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000012.00000000.3107242903.000000000962B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://appleid.apple.com
Source: explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: assistant_installer.exe, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000357000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://autoupdate.geo.opera.com/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003301000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000D.00000002.2701948120.0000000000357000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000357000.00000002.00000001.01000000.00000011.sdmp String found in binary or memory: https://autoupdate.geo.opera.com/.opera.comOpera
Source: setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252788304.00000000048B6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3271500365.00000000048B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera
Source: setup.exe, 00000004.00000003.3252654512.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252788304.00000000048B6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F94000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera%20GX&version=114.0.5282.123
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://autoupdate.geo.opera.com/https://autoupdate.opera.com/me/OperaDesktopGXhttps://crashstats-co
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x642Q
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autoupdate.opera.com/
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autoupdate.opera.com/.
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000EDB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://autoupdate.opera.com/me/
Source: setup.exe, 00000004.00000002.3261130813.0000000000EDB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autoupdate.opera.com/me/m
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://browser-notifications.opera.com/api/v1/
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://browser-notifications.opera.com/api/v1/333333
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://consent.youtube.com
Source: assistant_installer.exe, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000357000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://crashpad.chromium.org/
Source: assistant_installer.exe, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000357000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003301000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000D.00000002.2701948120.0000000000357000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000357000.00000002.00000001.01000000.00000011.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: installer.exe, 00000010.00000002.3218122175.0000027DDB320000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000003.3216925350.00006F000002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/
Source: setup.exe, 00000005.00000002.3277277382.000000000101B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000005.00000002.3277712898.0000000035614000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000008.00000002.3229100594.000000000112B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000008.00000002.3229889245.000000003E814000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/--annotation=channel=Stable--annotation=plat=Win32--annotat
Source: installer.exe, 00000010.00000002.3218122175.0000027DDB32F000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000010.00000003.3216925350.00006F000002C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/--annotation=channel=Stable--annotation=plat=Win64--annotat
Source: setup.exe, 00000005.00000002.3278224896.00000000356A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/5jA
Source: setup.exe, 00000005.00000002.3278224896.00000000356A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/5jB
Source: setup.exe, 00000005.00000002.3278224896.00000000356A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/5jC
Source: installer.exe, 00000010.00000002.3220622111.00006F00000C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector-2.opera.com/o
Source: assistant_installer.exe, 0000000E.00000002.2703079898.0000000005039000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000357000.00000002.00000001.01000000.00000011.sdmp String found in binary or memory: https://crashstats-collector.opera.com/collector/submit
Source: assistant_installer.exe, 0000000E.00000002.2703079898.0000000005039000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector.opera.com/collector/submit--annotation=channel=Stable--annotation=plat=
Source: assistant_installer.exe, 0000000E.00000002.2703079898.0000000005051000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector.opera.com/collector/submit8
Source: assistant_installer.exe, 0000000E.00000002.2703079898.0000000005039000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector.opera.com/collector/submit82
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003301000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000D.00000002.2701948120.0000000000357000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000357000.00000002.00000001.01000000.00000011.sdmp String found in binary or memory: https://crashstats-collector.opera.com/collector/submitOperaDesktopGX
Source: assistant_installer.exe, 0000000E.00000002.2703079898.0000000005030000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000E.00000002.2703079898.0000000005039000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://crashstats-collector.opera.com/collector/submitll
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517861970.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2314345754.0000000000F42000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/L
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/P
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/T
Source: setup.exe, 00000004.00000003.2620394310.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/p
Source: setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/t
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/t=gx&channel=Stable&client=netinstaller&edition=
Source: setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/ta
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/tionBasic
Source: setup.exe, 00000004.00000002.3271367338.0000000004880000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: setup.exe, 00000004.00000003.2620394310.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary7Y
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryA
Source: setup.exe, 00000004.00000003.2517944427.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryJ
Source: setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryS
Source: setup.exe, 00000004.00000003.2620394310.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2342212159.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517861970.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarydOIDInfo
Source: setup.exe, 00000004.00000003.2517944427.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarye.netLMEMP
Source: setup.exe, 00000004.00000003.2325673306.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517944427.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryetmsg.dll.mui
Source: setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/wW
Source: setup.exe, 00000004.00000003.2342212159.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517861970.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/
Source: setup.exe, 00000004.00000002.3261130813.0000000000EDB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/Z
Source: setup.exe, 00000004.00000003.2314219860.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3273664748.000000003F890000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3256956589.000000003F826000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685766507.000000000489A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3271367338.0000000004880000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
Source: setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1c
Source: setup.exe, 00000004.00000003.2517944427.0000000000F55000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732108738.0000000004899000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F74000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/download/get/?id=68353&autoupdate=1&ni=1&stream=stable&utm_campaign=ogx&u
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: setup.exe, 00000004.00000002.3261130813.0000000000EDB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.opera.com/r
Source: setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download3.operacdn.com/
Source: setup.exe, 00000004.00000002.3261869773.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download3.operacdn.com/??
Source: setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download3.operacdn.com/A
Source: setup.exe, 00000004.00000003.3253008231.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download3.operacdn.com/J
Source: setup.exe, 00000004.00000003.2732108738.0000000004899000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-2/1714144780-custom_partner_cont
Source: setup.exe, 00000004.00000003.2342212159.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3271367338.0000000004880000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download5.operacdn.com/
Source: setup.exe, 00000004.00000003.2685766507.00000000048A3000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732108738.0000000004899000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download5.operacdn.com/ftp/pub/.assistant_gx/73.0.3856.382/Opera_GX_assistant_73.0.3856.382_
Source: setup.exe, 00000004.00000003.2732108738.0000000004899000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download5.operacdn.com/ftp/pub/opera_gx/114.0.5282.123/win/Opera_GX_114.0.5282.123_Autoupdat
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: explorer.exe, 00000012.00000000.3110957749.000000000C048000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://excel.office.com-
Source: installer.exe, 0000000F.00000003.3142132099.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3141985642.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3142171103.000078B0001D8000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://extension-updates.opera.com/api/omaha/update/
Source: installer.exe, 0000000F.00000003.3141985642.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://extension-updates.opera.com/api/omaha/update/apple_ke
Source: installer.exe, 0000000F.00000003.3142132099.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3142171103.000078B0001D8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://extension-updates.opera.com/api/omaha/update/x
Source: setup.exe, 00000004.00000002.3271367338.0000000004880000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://features.opera-api2.com/
Source: setup.exe, 00000004.00000003.2314133238.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325593647.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://features.opera-api2.com/9
Source: installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: setup.exe, 00000004.00000003.2325593647.0000000000FAC000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F39000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2620394310.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517944427.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261869773.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3252654512.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2314345754.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685721625.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2732049628.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2517760672.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2314473101.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2325673306.0000000000F74000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=af8f1523-0107-4b83-93
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gaana.com/
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://gamemaker.io
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://gamemaker.io)
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://gamemaker.io/en/education.
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://gamemaker.io/en/get.
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://help.instagram.com/581066165581870;
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://help.opera.com/latest/
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzME7S.img
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/eula/computers
Source: installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/privacy
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/privacy.
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/terms
Source: installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://legal.opera.com/terms.
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://listen.tidal.com/
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://listen.tidal.com/login
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FE9E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FE9D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://login.tidal.com
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/at/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/au/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/be/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/bg/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/br/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/by/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ca/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ch/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/cn/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/cz/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/de/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/dk/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/eg/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/es/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/fi/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/fr/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/gb/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/hu/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/id/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/in/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/it/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/jp/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ke/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/kr/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/kz/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ma/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/mx/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/my/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ng/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/nl/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/no/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ph/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/pl/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ro/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/rs/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ru/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/se/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/sg/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/sk/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/th/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/tr/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/ua/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/us/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/vn/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.apple.com/za/browse
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.youtube.com
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FE9E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FE9D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FE9E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FE9D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/J
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FE36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FE9D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://net.geo.opera.com/opera_gx/stable/edition/std-2/?utm_source=OFT&utm_medium=pb&utm_campaign=o
Source: installer.exe, 0000000F.00000003.3141985642.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nova.rambler.ru/suggest?v=3&query=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://oauth.play.pl/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://offer.tidal.com
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://open.spotify.com
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://opera.com/privacy
Source: explorer.exe, 00000012.00000000.3110957749.000000000C048000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://outlook.come
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://policies.google.com/terms;
Source: explorer.exe, 00000012.00000000.3110957749.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://powerpoint.office.comEMd
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redir.opera.com/amazon/?q=
Source: installer.exe, 0000000F.00000003.3141985642.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redir.opera.com/search/rambler/?q=
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://redir.opera.com/uninstallsurvey/
Source: installer.exe, 0000000F.00000002.3215206621.000078B0000E4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=ogx&utm_content=ogxi_34420&utm_mediu
Source: installer.exe, 0000000F.00000003.3141985642.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.seznam.cz/?q=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.co.jp/search?ei=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/search?ei=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://soundcloud.com/
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://sourcecode.opera.com
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://suggest.yandex.com.tr/suggest-opera?part=
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://telegram.org/tos/
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://translate.yandex.fr/?text=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://translate.yandex.net/main/v2.92.1465389915/i/favicon.ico
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://twitter.com/en/tos;
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/oauth
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000012.00000000.3110957749.000000000C048000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://word.office.comM
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/baidu?wd=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/bg/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/br/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/cz/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/de/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/en/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/es/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/fi/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/fr/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/hu/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/id/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/it/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/mx/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/nl/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/no/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/pl/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/ro/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/ru/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/se/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/sk/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/sr/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/th/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/tr/login
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.deezer.com/us/login
Source: setup.exe, 00000004.00000002.3259855872.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.2685660080.000000000493A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3257155164.000000003F80C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3259855872.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3236954058.000000003F974000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698678717.0000000000930000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=opera&q=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/search?client=opera-gx&q=
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.opera.com
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.opera.com..
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.opera.com/gx/
Source: installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.opera.com/privacy
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.rambler.ru/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.seznam.cz/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.so.com/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B0001D4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.so.com/favicon.icocss/searchstyle_360.cssimages/logo_360.png
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.so.com/s?src=lm&ls=sm2297808&lm_extend=ctype:31&q=
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://www.whatsapp.com/legal;
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.yahoo.co.jp/favicon.ico
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://yandex.com.tr/search/?clid=1669559&text=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://yandex.fr/search/?clid=2358536&text=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://yandex.ua/search/?clid=2358536&text=
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://yastatic.net/s3/home-static/_/92/929b10d17990e806734f68758ec917ec.png
Source: installer.exe, 0000000F.00000003.3141985642.000078B000194000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://yastatic.net/s3/home-static/_/f4/f47b1b3d8194c36ce660324ab55a04fe.png

Key, Mouse, Clipboard, Microphone and Screen Capturing
barindex
Contains functionality to register a low level keyboard hook
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00408643 SetWindowsHookExW 00000002,Function_00008615,00000000,00000000 12_2_00408643
Installs a global event hook (focus changed)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL
Drops certificate files (DER)
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4 Jump to dropped file

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR Matched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00212770: CreateFileW,DeviceIoControl,GetLastError, 13_2_00212770
Contains functionality to launch a process as a different user
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00254EE0 SetHandleInformation,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,GetEnvironmentStringsW,FreeEnvironmentStringsW,CreateProcessW,AssignProcessToJobObject,AllowSetForegroundWindow,WaitForSingleObject, 13_2_00254EE0
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC42FA0 0_2_00007FF73CC42FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC42830 0_2_00007FF73CC42830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC5EDC8 0_2_00007FF73CC5EDC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC5AE68 0_2_00007FF73CC5AE68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC57FE8 0_2_00007FF73CC57FE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC5879C 0_2_00007FF73CC5879C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC4EFC4 0_2_00007FF73CC4EFC4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC518B0 0_2_00007FF73CC518B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC5E87C 0_2_00007FF73CC5E87C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC509FC 0_2_00007FF73CC509FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC59394 0_2_00007FF73CC59394
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC5C378 0_2_00007FF73CC5C378
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC4F444 0_2_00007FF73CC4F444
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D1EE57 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D0F039 3_2_00D0F039
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D0115B 3_2_00D0115B
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D0E24E 3_2_00D0E24E
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D055BB 3_2_00D055BB
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D3555C 3_2_00D3555C
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D04606 3_2_00D04606
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D32BCD 3_2_00D32BCD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00405750 12_2_00405750
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_0041304B 12_2_0041304B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_0040AD40 12_2_0040AD40
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00412910 12_2_00412910
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_004132E3 12_2_004132E3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00412F71 12_2_00412F71
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00240EE0 13_2_00240EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0026F1B4 13_2_0026F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0026B18D 13_2_0026B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0026F782 13_2_0026F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002B206C 13_2_002B206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_001FA170 13_2_001FA170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00200290 13_2_00200290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002622C0 13_2_002622C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0033243A 13_2_0033243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00244410 13_2_00244410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00228480 13_2_00228480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00244730 13_2_00244730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00210746 13_2_00210746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002007C0 13_2_002007C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00330864 13_2_00330864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0034C89C 13_2_0034C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002448E0 13_2_002448E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0034C954 13_2_0034C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0027A9F0 13_2_0027A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00248AC0 13_2_00248AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00332ACB 13_2_00332ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00206C76 13_2_00206C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002E6D0E 13_2_002E6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00354EB6 13_2_00354EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00248EC0 13_2_00248EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002BD014 13_2_002BD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00333130 13_2_00333130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002B11A6 13_2_002B11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00219180 13_2_00219180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00331189 13_2_00331189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00247370 13_2_00247370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_001FF3EC 13_2_001FF3EC
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002813D4 13_2_002813D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002B9494 13_2_002B9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002794F0 13_2_002794F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002094D2 13_2_002094D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002554D0 13_2_002554D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002E35F4 13_2_002E35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0023D7D0 13_2_0023D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002BD98E 13_2_002BD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_001FDA78 13_2_001FDA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00333A9D 13_2_00333A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0025FB00 13_2_0025FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00351B41 13_2_00351B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0032FBCF 13_2_0032FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0020BC70 13_2_0020BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00255D10 13_2_00255D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00283DE0 13_2_00283DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0028FE30 13_2_0028FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0032BFB0 13_2_0032BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_001FFFC0 13_2_001FFFC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002B206C 14_2_002B206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002E6D0E 14_2_002E6D0E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_001FA170 14_2_001FA170
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00200290 14_2_00200290
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002622C0 14_2_002622C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0033243A 14_2_0033243A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00244410 14_2_00244410
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00228480 14_2_00228480
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00244730 14_2_00244730
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00210746 14_2_00210746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002007C0 14_2_002007C0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00330864 14_2_00330864
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0034C89C 14_2_0034C89C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002448E0 14_2_002448E0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0034C954 14_2_0034C954
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0027A9F0 14_2_0027A9F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00248AC0 14_2_00248AC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00332ACB 14_2_00332ACB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00206C76 14_2_00206C76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00354EB6 14_2_00354EB6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00240EE0 14_2_00240EE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00248EC0 14_2_00248EC0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002BD014 14_2_002BD014
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00333130 14_2_00333130
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002B11A6 14_2_002B11A6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0026F1B4 14_2_0026F1B4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00219180 14_2_00219180
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0026B18D 14_2_0026B18D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00331189 14_2_00331189
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00247370 14_2_00247370
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_001FF3EC 14_2_001FF3EC
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002813D4 14_2_002813D4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002B9494 14_2_002B9494
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002794F0 14_2_002794F0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002094D2 14_2_002094D2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002554D0 14_2_002554D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002E35F4 14_2_002E35F4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0026F782 14_2_0026F782
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0023D7D0 14_2_0023D7D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002BD98E 14_2_002BD98E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_001FDA78 14_2_001FDA78
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00333A9D 14_2_00333A9D
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0025FB00 14_2_0025FB00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00351B41 14_2_00351B41
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0032FBCF 14_2_0032FBCF
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0020BC70 14_2_0020BC70
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00255D10 14_2_00255D10
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00283DE0 14_2_00283DE0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0028FE30 14_2_0028FE30
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0032BFB0 14_2_0032BFB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_001FFFC0 14_2_001FFFC0
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: String function: 00D39103 appears 91 times
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: String function: 00D213D0 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 00230C44 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 003442D0 appears 114 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 00347CF8 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 0023B9C0 appears 126 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 001F1741 appears 408 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 0023BEC0 appears 269 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 00230AA2 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 00231BBC appears 34 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 0023BE50 appears 78 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 0023C9E0 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 001F3696 appears 124 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 00238B80 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: String function: 0032A840 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: String function: 004026DC appears 38 times
PE file contains executable resources (Code or Archives)
Source: setup.exe.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: setup.exe.4.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: installer.exe.7.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: installer.exe.29.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
PE file contains more sections than normal
Source: opera_autoupdate.exe.15.dr Static PE information: Number of sections : 13 > 10
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: Number of sections : 14 > 10
Source: launcher.exe.7.dr Static PE information: Number of sections : 12 > 10
Source: opera_crashreporter.exe.7.dr Static PE information: Number of sections : 12 > 10
Source: mojo_core.dll.7.dr Static PE information: Number of sections : 11 > 10
Source: opera_autoupdate.exe.7.dr Static PE information: Number of sections : 13 > 10
Source: opera_browser.dll.7.dr Static PE information: Number of sections : 15 > 10
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: Number of sections : 14 > 10
Source: notification_helper.exe.7.dr Static PE information: Number of sections : 11 > 10
Yara signature match
Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR Matched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
query blbeacon for getting browser version
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
Source: classification engine Classification label: sus34.spyw.evad.winEXE@81/623@0/13
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00408DD2 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree, 12_2_00408DD2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0021051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 13_2_0021051B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0021051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 14_2_0021051B
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_004011FD GetDiskFreeSpaceExW,SendMessageW, 12_2_004011FD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_0040388A _wtol,_wtol,SHGetSpecialFolderPathW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,CoCreateInstance,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z, 12_2_0040388A
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00401DF5 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress, 12_2_00401DF5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\OperaGXSetup[1].exe Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Mutant created: \Sessions\1\BaseNamedObjects\opera_splash_lock_df693e202347b6f1f689bae495ff6ca9
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Mutant created: \Sessions\1\BaseNamedObjects\oauc_registry_mutex
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe File created: C:\Users\user\AppData\Local\Temp\OperaGXInstaller Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: Title 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: BeginPrompt 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: Progress 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: yes 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: RunProgram 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: ExecuteFile 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: InstallPath 3_2_00D1EE57
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Command line argument: %%T 3_2_00D1EE57
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe ReversingLabs: Detection: 36%
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exe String found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exe String found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Process created: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe "C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --silent --allusers=0 --server-tracking-blob=YzNjYzBkNzBjNDk4NTlkM2U3YTIzOTI2N2M2ZGIyMjU0OGQ2OWMxY2Y5YjZkMTY4MGI3OTJjMTc3ZDI3MGZkMjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmdXRtX2NvbnRlbnQ9b2d4aV8zNDQyMCIsInRpbWVzdGFtcCI6IjE3MzAyMTI2MjMuNTk2OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdpbjY0OyB4NjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoib2d4IiwiY29udGVudCI6Im9neGlfMzQ0MjAiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiOWVkN2VlMTktY2FmYi00MTZkLTliNzQtMWI1ZGNkMDQwNWZiIn0=
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x32c,0x330,0x334,0x318,0x338,0x6c998c5c,0x6c998c68,0x6c998c74
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe "C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3928 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241029103712" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=NTA0MmFkMjJhOTRhYTI0MTZkOWU1NmNhMTJiZWQ1NWVhNTUyZjhhZGMwMDUyYmM1ZGQzZjI4NDNjMzQwNmFjNTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmdXRtX2NvbnRlbnQ9b2d4aV8zNDQyMCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMDIxMjYyMy41OTY4IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV2luNjQ7IHg2NDsgVHJpZGVudC83LjA7IC5ORVQ0LjBDOyAuTkVUNC4wRTsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjAuMzA3Mjk7IC5ORVQgQ0xSIDMuNS4zMDcyOSkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZ3giLCJjb250ZW50Ijoib2d4aV8zNDQyMCIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiI5ZWQ3ZWUxOS1jYWZiLTQxNmQtOWI3NC0xYjVkY2QwNDA1ZmIifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2C06000000000000
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x33c,0x340,0x344,0x308,0x318,0x6baf8c5c,0x6baf8c68,0x6baf8c74
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x3a4f48,0x3a4f58,0x3a4f64
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe" --backend --initial-pid=3928 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=NTA0MmFkMjJhOTRhYTI0MTZkOWU1NmNhMTJiZWQ1NWVhNTUyZjhhZGMwMDUyYmM1ZGQzZjI4NDNjMzQwNmFjNTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmdXRtX2NvbnRlbnQ9b2d4aV8zNDQyMCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMDIxMjYyMy41OTY4IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV2luNjQ7IHg2NDsgVHJpZGVudC83LjA7IC5ORVQ0LjBDOyAuTkVUNC4wRTsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjAuMzA3Mjk7IC5ORVQgQ0xSIDMuNS4zMDcyOSkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZ3giLCJjb250ZW50Ijoib2d4aV8zNDQyMCIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiI5ZWQ3ZWUxOS1jYWZiLTQxNmQtOWI3NC0xYjVkY2QwNDA1ZmIifQ== --silent --desktopshortcut=1 --install-subfolder=114.0.5282.123
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x250,0x254,0x27c,0x258,0x280,0x7ffd94469e20,0x7ffd94469e2c,0x7ffd94469e38
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --scheduledtask --bypasslauncher 0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x1dc,0x1e0,0x1e4,0x1d8,0x1e8,0x7ffd92de1388,0x7ffd92de1398,0x7ffd92de13a8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x230,0x234,0x238,0x22c,0x208,0x7ff79d2f673c,0x7ff79d2f6748,0x7ff79d2f6758
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --lowered-browser
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Process created: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe "C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe" --silent --allusers=0 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --silent --allusers=0 --server-tracking-blob=YzNjYzBkNzBjNDk4NTlkM2U3YTIzOTI2N2M2ZGIyMjU0OGQ2OWMxY2Y5YjZkMTY4MGI3OTJjMTc3ZDI3MGZkMjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmdXRtX2NvbnRlbnQ9b2d4aV8zNDQyMCIsInRpbWVzdGFtcCI6IjE3MzAyMTI2MjMuNTk2OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdpbjY0OyB4NjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoib2d4IiwiY29udGVudCI6Im9neGlfMzQ0MjAiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6Ik9GVCJ9LCJ1dWlkIjoiOWVkN2VlMTktY2FmYi00MTZkLTliNzQtMWI1ZGNkMDQwNWZiIn0= Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x32c,0x330,0x334,0x318,0x338,0x6c998c5c,0x6c998c68,0x6c998c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe "C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3928 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241029103712" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=NTA0MmFkMjJhOTRhYTI0MTZkOWU1NmNhMTJiZWQ1NWVhNTUyZjhhZGMwMDUyYmM1ZGQzZjI4NDNjMzQwNmFjNTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmdXRtX2NvbnRlbnQ9b2d4aV8zNDQyMCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMDIxMjYyMy41OTY4IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV2luNjQ7IHg2NDsgVHJpZGVudC83LjA7IC5ORVQ0LjBDOyAuTkVUNC4wRTsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjAuMzA3Mjk7IC5ORVQgQ0xSIDMuNS4zMDcyOSkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZ3giLCJjb250ZW50Ijoib2d4aV8zNDQyMCIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiI5ZWQ3ZWUxOS1jYWZiLTQxNmQtOWI3NC0xYjVkY2QwNDA1ZmIifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2C06000000000000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe" --version Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x33c,0x340,0x344,0x308,0x318,0x6baf8c5c,0x6baf8c68,0x6baf8c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe" --backend --initial-pid=3928 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=NTA0MmFkMjJhOTRhYTI0MTZkOWU1NmNhMTJiZWQ1NWVhNTUyZjhhZGMwMDUyYmM1ZGQzZjI4NDNjMzQwNmFjNTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmdXRtX2NvbnRlbnQ9b2d4aV8zNDQyMCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMDIxMjYyMy41OTY4IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV2luNjQ7IHg2NDsgVHJpZGVudC83LjA7IC5ORVQ0LjBDOyAuTkVUNC4wRTsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjAuMzA3Mjk7IC5ORVQgQ0xSIDMuNS4zMDcyOSkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZ3giLCJjb250ZW50Ijoib2d4aV8zNDQyMCIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiI5ZWQ3ZWUxOS1jYWZiLTQxNmQtOWI3NC0xYjVkY2QwNDA1ZmIifQ== --silent --desktopshortcut=1 --install-subfolder=114.0.5282.123 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x3a4f48,0x3a4f58,0x3a4f64 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x250,0x254,0x27c,0x258,0x280,0x7ffd94469e20,0x7ffd94469e2c,0x7ffd94469e38
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe "C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --lowered-browser
Source: C:\Windows\explorer.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x1dc,0x1e0,0x1e4,0x1d8,0x1e8,0x7ffd92de1388,0x7ffd92de1398,0x7ffd92de13a8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x230,0x234,0x238,0x22c,0x208,0x7ff79d2f673c,0x7ff79d2f6748,0x7ff79d2f6758
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Windows\explorer.exe Section loaded: twext.dll
Source: C:\Windows\explorer.exe Section loaded: version.dll
Source: C:\Windows\explorer.exe Section loaded: zipfldr.dll
Source: C:\Windows\explorer.exe Section loaded: sendmail.dll
Source: C:\Windows\explorer.exe Section loaded: acppage.dll
Source: C:\Windows\explorer.exe Section loaded: sfc.dll
Source: C:\Windows\explorer.exe Section loaded: msi.dll
Source: C:\Windows\explorer.exe Section loaded: mydocs.dll
Source: C:\Windows\explorer.exe Section loaded: drprov.dll
Source: C:\Windows\explorer.exe Section loaded: ntlanman.dll
Source: C:\Windows\explorer.exe Section loaded: davclnt.dll
Source: C:\Windows\explorer.exe Section loaded: davhlpr.dll
Source: C:\Windows\explorer.exe Section loaded: dlnashext.dll
Source: C:\Windows\explorer.exe Section loaded: playtodevice.dll
Source: C:\Windows\explorer.exe Section loaded: wpdshext.dll
Source: C:\Windows\explorer.exe Section loaded: ehstorapi.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe Section loaded: smartscreenps.dll
Source: C:\Windows\explorer.exe Section loaded: cdprt.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: credui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: credui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32 Jump to behavior
Source: Opera GX Browser .lnk.15.dr LNK file: ..\..\..\..\Programs\Opera GX\opera.exe
Source: Opera GX Browser .lnk0.15.dr LNK file: ..\AppData\Local\Programs\Opera GX\opera.exe
Source: Opera GX Browser .lnk1.15.dr LNK file: ..\..\..\..\Programs\Opera GX\opera.exe
Source: Opera GX Browser .lnk2.15.dr LNK file: ..\..\..\..\Programs\Opera GX\opera.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 114.0.5282.123
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000D.00000000.2699731841.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000D.00000002.2701948120.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000002.2702702953.0000000000385000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera.exe.pdb source: opera.exe, 0000001C.00000000.3147832863.00007FF627F7B000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3258373442.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000000.2268937215.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276417846.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000000.2272096796.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000000.2277827487.0000000000738000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000006.00000002.2281279697.0000000000738000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287434715.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000002.3218691525.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000000.2291188941.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227479724.00000000000A8000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215572174.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 0000000F.00000000.3078708913.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000002.3221323048.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081813108.00007FF6E5804000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EwdhIsAfAL.exe, 00000013.00000000.3134208758.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000015.00000000.3136135528.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000016.00000000.3137495821.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000017.00000000.3138835530.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000018.00000000.3139903179.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 00000019.00000000.3140958934.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 0000001A.00000000.3142098587.000000000011E000.00000002.00000001.01000000.00000016.sdmp, EwdhIsAfAL.exe, 0000001B.00000000.3145686226.000000000011E000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698858376.0000000003DA0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\OperaGXInstaller\Build-x64-Release\OperaGXInstaller.pdb source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2263364502.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000000.2164793741.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\opera_autoupdate.exe.pdb source: installer.exe, 0000000F.00000003.3089669286.0000025C726A5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.0000000003742000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Boo\Code\_Offergate\OperaGXInstaller\Build-x64-Release\OperaGXInstaller.pdb source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2263364502.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000000.2164793741.00007FF73CC63000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000002.3276555885.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000005.00000001.2273391337.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000006.00000002.2281314698.000000000074A000.00000002.00000001.01000000.0000000C.sdmp, setup.exe, 00000007.00000000.2287497898.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000007.00000001.2288478043.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000001.2292008198.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000008.00000002.3227766639.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000C.00000003.2698025934.000000000346E000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000D.00000000.2699731841.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000D.00000002.2701948120.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000000.2701102768.0000000000385000.00000002.00000001.01000000.00000011.sdmp, assistant_installer.exe, 0000000E.00000002.2702702953.0000000000385000.00000002.00000001.01000000.00000011.sdmp
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Binary contains a suspicious time stamp
Source: dxil.dll.7.dr Static PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo, 12_2_0040239B
PE file contains an invalid checksum
Source: OperaGXInstaller.exe.0.dr Static PE information: real checksum: 0x3381fe should be: 0x32d8a3
Source: OperaGXSetup[1].exe.0.dr Static PE information: real checksum: 0x3381fe should be: 0x32d8a3
PE file contains sections with non-standard names
Source: Opera_installer_2410291437108383928.dll.4.dr Static PE information: section name: .rodata
Source: Opera_installer_2410291437108383928.dll.4.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410291437108383928.dll.4.dr Static PE information: section name: malloc_h
Source: Opera_installer_2410291437111626972.dll.5.dr Static PE information: section name: .rodata
Source: Opera_installer_2410291437111626972.dll.5.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410291437111626972.dll.5.dr Static PE information: section name: malloc_h
Source: Opera_installer_2410291437117157164.dll.6.dr Static PE information: section name: .rodata
Source: Opera_installer_2410291437117157164.dll.6.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410291437117157164.dll.6.dr Static PE information: section name: malloc_h
Source: Opera_installer_2410291437126772788.dll.7.dr Static PE information: section name: .rodata
Source: Opera_installer_2410291437126772788.dll.7.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410291437126772788.dll.7.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.7.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.7.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.7.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.7.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.7.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.7.dr Static PE information: section name: _RDATA
Source: win10_share_handler.dll.7.dr Static PE information: section name: .gxfg
Source: win10_share_handler.dll.7.dr Static PE information: section name: .retplne
Source: win10_share_handler.dll.7.dr Static PE information: section name: _RDATA
Source: win8_importing.dll.7.dr Static PE information: section name: .gxfg
Source: win8_importing.dll.7.dr Static PE information: section name: .retplne
Source: win8_importing.dll.7.dr Static PE information: section name: _RDATA
Source: mojo_core.dll.7.dr Static PE information: section name: .gxfg
Source: mojo_core.dll.7.dr Static PE information: section name: .retplne
Source: mojo_core.dll.7.dr Static PE information: section name: _RDATA
Source: mojo_core.dll.7.dr Static PE information: section name: malloc_h
Source: notification_helper.exe.7.dr Static PE information: section name: .gxfg
Source: notification_helper.exe.7.dr Static PE information: section name: .retplne
Source: notification_helper.exe.7.dr Static PE information: section name: CPADinfo
Source: notification_helper.exe.7.dr Static PE information: section name: _RDATA
Source: opera.exe.7.dr Static PE information: section name: .gxfg
Source: opera.exe.7.dr Static PE information: section name: .retplne
Source: opera.exe.7.dr Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.7.dr Static PE information: section name: .gxfg
Source: opera_autoupdate.exe.7.dr Static PE information: section name: .retplne
Source: opera_autoupdate.exe.7.dr Static PE information: section name: CPADinfo
Source: opera_autoupdate.exe.7.dr Static PE information: section name: LZMADEC
Source: opera_autoupdate.exe.7.dr Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.7.dr Static PE information: section name: malloc_h
Source: opera_browser.dll.7.dr Static PE information: section name: .gxfg
Source: opera_browser.dll.7.dr Static PE information: section name: .retplne
Source: opera_browser.dll.7.dr Static PE information: section name: .rodata
Source: opera_browser.dll.7.dr Static PE information: section name: CPADinfo
Source: opera_browser.dll.7.dr Static PE information: section name: LZMADEC
Source: opera_browser.dll.7.dr Static PE information: section name: _RDATA
Source: opera_browser.dll.7.dr Static PE information: section name: malloc_h
Source: opera_browser.dll.7.dr Static PE information: section name: prot
Source: opera_crashreporter.exe.7.dr Static PE information: section name: .gxfg
Source: opera_crashreporter.exe.7.dr Static PE information: section name: .retplne
Source: opera_crashreporter.exe.7.dr Static PE information: section name: CPADinfo
Source: opera_crashreporter.exe.7.dr Static PE information: section name: _RDATA
Source: opera_crashreporter.exe.7.dr Static PE information: section name: malloc_h
Source: opera_elf.dll.7.dr Static PE information: section name: .gxfg
Source: opera_elf.dll.7.dr Static PE information: section name: .retplne
Source: opera_elf.dll.7.dr Static PE information: section name: _RDATA
Source: opera_gx_splash.exe.7.dr Static PE information: section name: .gxfg
Source: opera_gx_splash.exe.7.dr Static PE information: section name: .retplne
Source: opera_gx_splash.exe.7.dr Static PE information: section name: _RDATA
Source: CUESDK.x64_2017.dll.7.dr Static PE information: section name: .00cfg
Source: dxcompiler.dll.7.dr Static PE information: section name: .gxfg
Source: dxcompiler.dll.7.dr Static PE information: section name: .retplne
Source: dxcompiler.dll.7.dr Static PE information: section name: _RDATA
Source: dxil.dll.7.dr Static PE information: section name: _RDATA
Source: installer.exe.7.dr Static PE information: section name: .gxfg
Source: installer.exe.7.dr Static PE information: section name: .retplne
Source: installer.exe.7.dr Static PE information: section name: _RDATA
Source: installer_helper_64.exe.7.dr Static PE information: section name: .gxfg
Source: installer_helper_64.exe.7.dr Static PE information: section name: .retplne
Source: installer_helper_64.exe.7.dr Static PE information: section name: _RDATA
Source: launcher.exe.7.dr Static PE information: section name: .gxfg
Source: launcher.exe.7.dr Static PE information: section name: .retplne
Source: launcher.exe.7.dr Static PE information: section name: LZMADEC
Source: launcher.exe.7.dr Static PE information: section name: _RDATA
Source: launcher.exe.7.dr Static PE information: section name: malloc_h
Source: libEGL.dll.7.dr Static PE information: section name: .gxfg
Source: libEGL.dll.7.dr Static PE information: section name: .retplne
Source: libEGL.dll.7.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.7.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.7.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.7.dr Static PE information: section name: _RDATA
Source: Opera_installer_241029143713033712.dll.8.dr Static PE information: section name: .rodata
Source: Opera_installer_241029143713033712.dll.8.dr Static PE information: section name: CPADinfo
Source: Opera_installer_241029143713033712.dll.8.dr Static PE information: section name: malloc_h
Source: assistant_installer.exe.12.dr Static PE information: section name: .00cfg
Source: assistant_installer.exe.12.dr Static PE information: section name: .voltbl
Source: assistant_installer.exe.12.dr Static PE information: section name: CPADinfo
Source: browser_assistant.exe.12.dr Static PE information: section name: .00cfg
Source: browser_assistant.exe.12.dr Static PE information: section name: .rodata
Source: browser_assistant.exe.12.dr Static PE information: section name: .voltbl
Source: browser_assistant.exe.12.dr Static PE information: section name: CPADinfo
Source: mojo_core.dll.12.dr Static PE information: section name: .00cfg
Source: mojo_core.dll.12.dr Static PE information: section name: .voltbl
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: section name: .gxfg
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: section name: .retplne
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: section name: .rodata
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: section name: LZMADEC
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: section name: _RDATA
Source: Opera_installer_2410291438317856856.dll.15.dr Static PE information: section name: malloc_h
Source: opera.exe.15.dr Static PE information: section name: .gxfg
Source: opera.exe.15.dr Static PE information: section name: .retplne
Source: opera.exe.15.dr Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.15.dr Static PE information: section name: .gxfg
Source: opera_autoupdate.exe.15.dr Static PE information: section name: .retplne
Source: opera_autoupdate.exe.15.dr Static PE information: section name: CPADinfo
Source: opera_autoupdate.exe.15.dr Static PE information: section name: LZMADEC
Source: opera_autoupdate.exe.15.dr Static PE information: section name: _RDATA
Source: opera_autoupdate.exe.15.dr Static PE information: section name: malloc_h
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: section name: .gxfg
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: section name: .retplne
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: section name: .rodata
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: section name: CPADinfo
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: section name: LZMADEC
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: section name: _RDATA
Source: Opera_installer_2410291438320976684.dll.16.dr Static PE information: section name: malloc_h
Source: installer.exe.29.dr Static PE information: section name: .gxfg
Source: installer.exe.29.dr Static PE information: section name: .retplne
Source: installer.exe.29.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D390E0 push ecx; ret 3_2_00D390F3
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D396C8 push ecx; ret 3_2_00D396DD
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00412C00 push eax; ret 12_2_00412C2E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0032B10C push ecx; ret 13_2_0032B11F
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0032B10C push ecx; ret 14_2_0032B11F
Contains functionality to download and launch executables
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC42FA0 SHGetFolderPathW,SHCreateDirectoryExW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,URLDownloadToFileW,ShellExecuteW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF73CC42FA0
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_autoupdate.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe File created: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_browser.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\launcher.exe.1730212712.old (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\dxcompiler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\Opera_GX_114.0.5282.123_Autoupdate_x64[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe File created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291438320976684.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\OperaGXSetup[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437111626972.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\win10_share_handler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\CUESDK.x64_2017.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_autoupdate.exe.1730212712.old (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291438317856856.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe File created: C:\Users\user\AppData\Local\Temp\.opera\52FCEE075297\installer.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437126772788.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer_helper_64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_241029143713033712.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\win8_importing.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_gx_splash.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437117157164.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\Opera_GX_assistant_73.0.3856.382_Setup[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\launcher.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\browser_assistant.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\assistant_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437108383928.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\additional_file0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\opera_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\dxil.dll Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\opera_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\assistant_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241029103711306.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241029103713177.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20241029103753.log Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241029103832254.log
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Opera GX Stable
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Opera GX Stable
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Stores large binary data to the registry
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolve
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information set: NOOPENFILEERRORBOX
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0025A6D0 rdtsc 13_2_0025A6D0
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Thread delayed: delay time: 922337203685477
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_browser.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\launcher.exe.1730212712.old (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\dxcompiler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\Opera_GX_114.0.5282.123_Autoupdate_x64[1].exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291438320976684.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437111626972.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\win10_share_handler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\CUESDK.x64_2017.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291438317856856.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437126772788.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer_helper_64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_241029143713033712.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\win8_importing.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_gx_splash.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437117157164.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\launcher.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\browser_assistant.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\assistant_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437108383928.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\opera_package Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\dxil.dll Jump to dropped file
Found evaded block containing many API calls
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Evaded block: after key decision
Found evasive API chain (date check)
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe API coverage: 7.0 %
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe API coverage: 5.8 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe TID: 1136 Thread sleep count: 167 > 30
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe TID: 5092 Thread sleep time: -922337203685477s >= -30000s
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File Volume queried: C:\Users\user\AppData\Local\Temp\7zSC91E97EB FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File Volume queried: C:\Users\user\AppData\Local\Temp\7zSC91E97EB FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File Volume queried: C:\Users\user\AppData\Local\Temp\7zSC91E97EB FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\blob_storage\9d76c84c-76ce-46b2-856a-88905fd04d0c FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File Volume queried: C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC59394 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF73CC59394
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D08D20 FindFirstFileW, 3_2_00D08D20
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D2FEEB FindFirstFileExW, 3_2_00D2FEEB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime, 12_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z, 12_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00259120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 13_2_00259120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002E9AE2 FindFirstFileExW, 13_2_002E9AE2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00259120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW, 14_2_00259120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002E9AE2 FindFirstFileExW, 14_2_002E9AE2
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D0A419 GetSystemInfo, 3_2_00D0A419
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\Programs\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\Temp\Opera_installer_2410291437126772788.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\done Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe File opened: C:\Users\user\AppData\ Jump to behavior
Source: explorer.exe, 00000012.00000000.3107242903.000000000962B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
Source: explorer.exe, 00000012.00000000.3107242903.00000000097F3000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000000.3107242903.000000000973C000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWws
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.3107242903.00000000098AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE5A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2261697080.000002269FE5B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FE5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWoi
Source: explorer.exe, 00000012.00000000.3107242903.0000000009605000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTVMWare
Source: explorer.exe, 00000012.00000000.3093360758.0000000000D99000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2261697080.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000002.2261697080.000002269FE77000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250266492.000002269FE77000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2252879060.000002269FE77000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe, 00000000.00000003.2250204331.000002269FEC9000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000002.3261130813.0000000000EDB000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000003.3253008231.0000000000F74000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000012.00000000.3093360758.0000000000D99000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
Source: explorer.exe, 00000012.00000000.3096136502.00000000073E5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000012.00000000.3107242903.00000000098AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
Source: explorer.exe, 00000012.00000000.3093360758.0000000000D99000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000012.00000000.3093360758.0000000000D99000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000000.3107242903.00000000098AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process information queried: ProcessInformation
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0025A6D0 rdtsc 13_2_0025A6D0
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC47E58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF73CC47E58
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_0040239B LoadLibraryA,GetProcAddress,GetNativeSystemInfo, 12_2_0040239B
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_003497FB mov eax, dword ptr fs:[00000030h] 13_2_003497FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00337C65 mov eax, dword ptr fs:[00000030h] 13_2_00337C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_003497FB mov eax, dword ptr fs:[00000030h] 14_2_003497FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00337C65 mov eax, dword ptr fs:[00000030h] 14_2_00337C65
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC5A5A4 GetProcessHeap, 0_2_00007FF73CC5A5A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC47E58 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF73CC47E58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC48038 SetUnhandledExceptionFilter, 0_2_00007FF73CC48038
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC4EA40 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF73CC4EA40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC47B7C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF73CC47B7C
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D2162A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00D2162A
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D267CB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00D267CB
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D217B7 SetUnhandledExceptionFilter, 3_2_00D217B7
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D20D2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00D20D2C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0026AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread, 13_2_0026AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002B206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen, 13_2_002B206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0026C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter, 13_2_0026C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0032A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_0032A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0026ACEE GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread, 13_2_0026ACEE
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00201C00 SetUnhandledExceptionFilter, 13_2_00201C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0033BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_0033BE76
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_002B206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen, 14_2_002B206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0026C3B6 GetCurrentProcessId,SetUnhandledExceptionFilter, 14_2_0026C3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0032A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 14_2_0032A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0026AD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread, 14_2_0026AD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_00201C00 SetUnhandledExceptionFilter, 14_2_00201C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 14_2_0033BE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 14_2_0033BE76

HIPS / PFW / Operating System Protection Evasion
barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtOpenSection: Direct from: 0x77382E0C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtMapViewOfSection: Direct from: 0x77382D1C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtReadVirtualMemory: Direct from: 0x77382E8C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtUnmapViewOfSection: Direct from: 0x77382D3C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtCreateMutant: Direct from: 0x773835CC
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtQueryAttributesFile: Direct from: 0x77382E6C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtSetInformationProcess: Direct from: 0x77382C5C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtQueryInformationProcess: Direct from: 0x77382C26
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtSetInformationThread: Direct from: 0x77382ECC
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtOpenKeyEx: Direct from: 0x77382B9C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtOpenKeyEx: Direct from: 0x77383C9C
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtQueryValueKey: Direct from: 0x77382BEC
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtCreateFile: Direct from: 0x77382FEC
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtOpenFile: Direct from: 0x77382DCC
Source: C:\Program Files (x86)\mudjfNbYLVXpdJfomFaPTueznQoHFrCdznduaLVartLUUISpHuHZ\EwdhIsAfAL.exe NtAddAtomEx: Direct from: 0x7738312C
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Process created: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe "C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe" --silent --allusers=0 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x32c,0x330,0x334,0x318,0x338,0x6c998c5c,0x6c998c68,0x6c998c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe "C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3928 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241029103712" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=NTA0MmFkMjJhOTRhYTI0MTZkOWU1NmNhMTJiZWQ1NWVhNTUyZjhhZGMwMDUyYmM1ZGQzZjI4NDNjMzQwNmFjNTp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yLz91dG1fc291cmNlPU9GVCZ1dG1fbWVkaXVtPXBiJnV0bV9jYW1wYWlnbj1vZ3gmdXRtX2NvbnRlbnQ9b2d4aV8zNDQyMCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMDIxMjYyMy41OTY4IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV2luNjQ7IHg2NDsgVHJpZGVudC83LjA7IC5ORVQ0LjBDOyAuTkVUNC4wRTsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjAuMzA3Mjk7IC5ORVQgQ0xSIDMuNS4zMDcyOSkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJvZ3giLCJjb250ZW50Ijoib2d4aV8zNDQyMCIsIm1lZGl1bSI6InBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiI5ZWQ3ZWUxOS1jYWZiLTQxNmQtOWI3NC0xYjVkY2QwNDA1ZmIifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2C06000000000000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe" --version Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x33c,0x340,0x344,0x308,0x318,0x6baf8c5c,0x6baf8c68,0x6baf8c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x3a4f48,0x3a4f58,0x3a4f64 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x250,0x254,0x27c,0x258,0x280,0x7ffd94469e20,0x7ffd94469e2c,0x7ffd94469e38
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe "C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x1dc,0x1e0,0x1e4,0x1d8,0x1e8,0x7ffd92de1388,0x7ffd92de1398,0x7ffd92de13a8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe "C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x230,0x234,0x238,0x22c,0x208,0x7ff79d2f673c,0x7ff79d2f6748,0x7ff79d2f6758
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: unknown unknown
Tries to disable installed Antivirus / HIPS / PFW
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe File opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe File opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe --silent --allusers=0 --server-tracking-blob=yznjyzbknzbjndk4ntlkm2u3ytizoti2n2m2zgiymju0ogq2owmxy2y5yjzkmty4mgi3otjjmtc3zdi3mgzkmjp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmiisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qioijvcgvyyv9necisinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0ylz91dg1fc291cmnlpu9gvcz1dg1fbwvkaxvtpxbijnv0bv9jyw1wywlnbj1vz3gmdxrtx2nvbnrlbnq9b2d4av8zndqymcisinrpbwvzdgftcci6ije3mzaymti2mjmuntk2ocisinvzzxjhz2vudci6ik1vemlsbgevnc4wichjb21wyxrpymxloybnu0lfidcumdsgv2luzg93cybovca2lji7ifdpbjy0oyb4njq7ifryawrlbnqvny4woyautkvunc4wqzsglk5fvdqumeu7ic5orvqgq0xsidiumc41mdcynzsglk5fvcbdtfigmy4wljmwnzi5oyautkvuienmuiazljuumza3mjkpiiwidxrtijp7imnhbxbhawduijoib2d4iiwiy29udgvudci6im9neglfmzq0mjailcjtzwrpdw0ioijwyiisinnvdxjjzsi6ik9gvcj9lcj1dwlkijoiowvkn2vlmtkty2fmyi00mtzkltlinzqtmwi1zgnkmdqwnwziin0=
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x32c,0x330,0x334,0x318,0x338,0x6c998c5c,0x6c998c68,0x6c998c74
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe "c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3928 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20241029103712" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=nta0mmfkmjjhotrhyti0mtzkowu1nmnhmtjizwq1nwvhntuyzjhhzgmwmduyymm1zgqzzji4ndnjmzqwnmfjntp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmiisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0ylz91dg1fc291cmnlpu9gvcz1dg1fbwvkaxvtpxbijnv0bv9jyw1wywlnbj1vz3gmdxrtx2nvbnrlbnq9b2d4av8zndqymcisinn5c3rlbsi6eyjwbgf0zm9ybsi6eyjhcmnoijoiedg2xzy0iiwib3bzexmioijxaw5kb3dziiwib3bzexmtdmvyc2lvbii6ijewiiwicgfja2fnzsi6ikvyrsj9fswidgltzxn0yw1wijoimtczmdixmjyymy41oty4iiwidxnlcmfnzw50ijoitw96awxsys80ljagkgnvbxbhdglibgu7ie1tsuugny4woybxaw5kb3dzie5uidyumjsgv2lunjq7ihg2ndsgvhjpzgvudc83lja7ic5orvq0ljbdoyautkvunc4wrtsglk5fvcbdtfigmi4wljuwnzi3oyautkvuienmuiazljaumza3mjk7ic5orvqgq0xsidmuns4zmdcyoskilcj1dg0ionsiy2ftcgfpz24ioijvz3gilcjjb250zw50ijoib2d4av8zndqymcisim1lzgl1bsi6inbiiiwic291cmnlijoit0zuin0sinv1awqioii5zwq3zwuxos1jywziltqxnmqtowi3nc0xyjvky2qwnda1zmiifq== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2c06000000000000
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x33c,0x340,0x344,0x308,0x318,0x6baf8c5c,0x6baf8c68,0x6baf8c74
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202410291037121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x3a4f48,0x3a4f58,0x3a4f64
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "c:\users\user\appdata\local\programs\opera gx\114.0.5282.123\installer.exe" --backend --initial-pid=3928 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202410291037121" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=nta0mmfkmjjhotrhyti0mtzkowu1nmnhmtjizwq1nwvhntuyzjhhzgmwmduyymm1zgqzzji4ndnjmzqwnmfjntp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmiisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0ylz91dg1fc291cmnlpu9gvcz1dg1fbwvkaxvtpxbijnv0bv9jyw1wywlnbj1vz3gmdxrtx2nvbnrlbnq9b2d4av8zndqymcisinn5c3rlbsi6eyjwbgf0zm9ybsi6eyjhcmnoijoiedg2xzy0iiwib3bzexmioijxaw5kb3dziiwib3bzexmtdmvyc2lvbii6ijewiiwicgfja2fnzsi6ikvyrsj9fswidgltzxn0yw1wijoimtczmdixmjyymy41oty4iiwidxnlcmfnzw50ijoitw96awxsys80ljagkgnvbxbhdglibgu7ie1tsuugny4woybxaw5kb3dzie5uidyumjsgv2lunjq7ihg2ndsgvhjpzgvudc83lja7ic5orvq0ljbdoyautkvunc4wrtsglk5fvcbdtfigmi4wljuwnzi3oyautkvuienmuiazljaumza3mjk7ic5orvqgq0xsidmuns4zmdcyoskilcj1dg0ionsiy2ftcgfpz24ioijvz3gilcjjb250zw50ijoib2d4av8zndqymcisim1lzgl1bsi6inbiiiwic291cmnlijoit0zuin0sinv1awqioii5zwq3zwuxos1jywziltqxnmqtowi3nc0xyjvky2qwnda1zmiifq== --silent --desktopshortcut=1 --install-subfolder=114.0.5282.123
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "c:\users\user\appdata\local\programs\opera gx\114.0.5282.123\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x250,0x254,0x27c,0x258,0x280,0x7ffd94469e20,0x7ffd94469e2c,0x7ffd94469e38
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe "c:\users\user\appdata\local\programs\opera gx\114.0.5282.123\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x1dc,0x1e0,0x1e4,0x1d8,0x1e8,0x7ffd92de1388,0x7ffd92de1398,0x7ffd92de13a8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe "c:\users\user\appdata\local\programs\opera gx\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x230,0x234,0x238,0x22c,0x208,0x7ff79d2f673c,0x7ff79d2f6748,0x7ff79d2f6758
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe --silent --allusers=0 --server-tracking-blob=yznjyzbknzbjndk4ntlkm2u3ytizoti2n2m2zgiymju0ogq2owmxy2y5yjzkmty4mgi3otjjmtc3zdi3mgzkmjp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmiisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qioijvcgvyyv9necisinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0ylz91dg1fc291cmnlpu9gvcz1dg1fbwvkaxvtpxbijnv0bv9jyw1wywlnbj1vz3gmdxrtx2nvbnrlbnq9b2d4av8zndqymcisinrpbwvzdgftcci6ije3mzaymti2mjmuntk2ocisinvzzxjhz2vudci6ik1vemlsbgevnc4wichjb21wyxrpymxloybnu0lfidcumdsgv2luzg93cybovca2lji7ifdpbjy0oyb4njq7ifryawrlbnqvny4woyautkvunc4wqzsglk5fvdqumeu7ic5orvqgq0xsidiumc41mdcynzsglk5fvcbdtfigmy4wljmwnzi5oyautkvuienmuiazljuumza3mjkpiiwidxrtijp7imnhbxbhawduijoib2d4iiwiy29udgvudci6im9neglfmzq0mjailcjtzwrpdw0ioijwyiisinnvdxjjzsi6ik9gvcj9lcj1dwlkijoiowvkn2vlmtkty2fmyi00mtzkltlinzqtmwi1zgnkmdqwnwziin0= Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x32c,0x330,0x334,0x318,0x338,0x6c998c5c,0x6c998c68,0x6c998c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe "c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3928 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20241029103712" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=nta0mmfkmjjhotrhyti0mtzkowu1nmnhmtjizwq1nwvhntuyzjhhzgmwmduyymm1zgqzzji4ndnjmzqwnmfjntp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmiisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0ylz91dg1fc291cmnlpu9gvcz1dg1fbwvkaxvtpxbijnv0bv9jyw1wywlnbj1vz3gmdxrtx2nvbnrlbnq9b2d4av8zndqymcisinn5c3rlbsi6eyjwbgf0zm9ybsi6eyjhcmnoijoiedg2xzy0iiwib3bzexmioijxaw5kb3dziiwib3bzexmtdmvyc2lvbii6ijewiiwicgfja2fnzsi6ikvyrsj9fswidgltzxn0yw1wijoimtczmdixmjyymy41oty4iiwidxnlcmfnzw50ijoitw96awxsys80ljagkgnvbxbhdglibgu7ie1tsuugny4woybxaw5kb3dzie5uidyumjsgv2lunjq7ihg2ndsgvhjpzgvudc83lja7ic5orvq0ljbdoyautkvunc4wrtsglk5fvcbdtfigmi4wljuwnzi3oyautkvuienmuiazljaumza3mjk7ic5orvqgq0xsidmuns4zmdcyoskilcj1dg0ionsiy2ftcgfpz24ioijvz3gilcjjb250zw50ijoib2d4av8zndqymcisim1lzgl1bsi6inbiiiwic291cmnlijoit0zuin0sinv1awqioii5zwq3zwuxos1jywziltqxnmqtowi3nc0xyjvky2qwnda1zmiifq== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2c06000000000000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe c:\users\user\appdata\local\temp\7zsc91e97eb\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x33c,0x340,0x344,0x308,0x318,0x6baf8c5c,0x6baf8c68,0x6baf8c74 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "c:\users\user\appdata\local\programs\opera gx\114.0.5282.123\installer.exe" --backend --initial-pid=3928 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202410291037121" --session-guid=50fea559-f106-47bc-9a77-4335435774ab --server-tracking-blob=nta0mmfkmjjhotrhyti0mtzkowu1nmnhmtjizwq1nwvhntuyzjhhzgmwmduyymm1zgqzzji4ndnjmzqwnmfjntp7imnvdw50cnkioijvuyisimvkaxrpb24ioijzdgqtmiisimluc3rhbgxlcl9uyw1lijoit3blcmfhwfnldhvwlmv4zsisinbyb2r1y3qionsibmftzsi6im9wzxjhx2d4in0sinf1zxj5ijoil29wzxjhx2d4l3n0ywjszs9lzgl0aw9ul3n0zc0ylz91dg1fc291cmnlpu9gvcz1dg1fbwvkaxvtpxbijnv0bv9jyw1wywlnbj1vz3gmdxrtx2nvbnrlbnq9b2d4av8zndqymcisinn5c3rlbsi6eyjwbgf0zm9ybsi6eyjhcmnoijoiedg2xzy0iiwib3bzexmioijxaw5kb3dziiwib3bzexmtdmvyc2lvbii6ijewiiwicgfja2fnzsi6ikvyrsj9fswidgltzxn0yw1wijoimtczmdixmjyymy41oty4iiwidxnlcmfnzw50ijoitw96awxsys80ljagkgnvbxbhdglibgu7ie1tsuugny4woybxaw5kb3dzie5uidyumjsgv2lunjq7ihg2ndsgvhjpzgvudc83lja7ic5orvq0ljbdoyautkvunc4wrtsglk5fvcbdtfigmi4wljuwnzi3oyautkvuienmuiazljaumza3mjk7ic5orvqgq0xsidmuns4zmdcyoskilcj1dg0ionsiy2ftcgfpz24ioijvz3gilcjjb250zw50ijoib2d4av8zndqymcisim1lzgl1bsi6inbiiiwic291cmnlijoit0zuin0sinv1awqioii5zwq3zwuxos1jywziltqxnmqtowi3nc0xyjvky2qwnda1zmiifq== --silent --desktopshortcut=1 --install-subfolder=114.0.5282.123 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202410291037121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x3a4f48,0x3a4f58,0x3a4f64 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe "c:\users\user\appdata\local\programs\opera gx\114.0.5282.123\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x250,0x254,0x27c,0x258,0x280,0x7ffd94469e20,0x7ffd94469e2c,0x7ffd94469e38
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\opera_crashreporter.exe "c:\users\user\appdata\local\programs\opera gx\114.0.5282.123\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x1dc,0x1e0,0x1e4,0x1d8,0x1e8,0x7ffd92de1388,0x7ffd92de1398,0x7ffd92de13a8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Process created: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe "c:\users\user\appdata\local\programs\opera gx\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=114.0.5282.123 --initial-client-data=0x230,0x234,0x238,0x22c,0x208,0x7ff79d2f673c,0x7ff79d2f6748,0x7ff79d2f6758
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: 12_2_0040247A AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 12_2_0040247A
Source: installer.exe, 0000000F.00000002.3215759921.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp, installer.exe, 00000010.00000000.3081947882.00007FF6E5828000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: explorer.exe, 00000012.00000000.3094100142.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, EwdhIsAfAL.exe, 00000013.00000000.3134850842.0000000001CB0000.00000002.00000001.00040000.00000000.sdmp, EwdhIsAfAL.exe, 00000015.00000000.3136665592.0000000001350000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
Source: installer.exe, 0000000F.00000002.3214070707.0000025C72783000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: explorer.exe, 00000012.00000000.3094100142.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.3095955968.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, EwdhIsAfAL.exe, 00000013.00000000.3134850842.0000000001CB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: installer.exe, 0000000F.00000003.3162070181.0000025C70E27000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.3213721682.0000025C70E27000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.3094100142.00000000013A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: installer.exe, 0000000F.00000003.3162070181.0000025C70E27000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.3213721682.0000025C70E27000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd%
Source: explorer.exe, 00000012.00000000.3093360758.0000000000D69000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: +Progman
Source: OperaGXInstaller.exe, 00000003.00000003.2263963839.0000000003453000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000004.00000000.2268980940.00000000000BA000.00000002.00000001.01000000.00000009.sdmp, setup.exe, 00000004.00000001.2269989539.00000000000BA000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000F.00000002.3213958117.0000025C72690000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager_1*&
Source: explorer.exe, 00000012.00000000.3094100142.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, EwdhIsAfAL.exe, 00000013.00000000.3134850842.0000000001CB0000.00000002.00000001.00040000.00000000.sdmp, EwdhIsAfAL.exe, 00000015.00000000.3136665592.0000000001350000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: explorer.exe, 00000012.00000000.3107242903.00000000098AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd31A
Source: installer.exe, 0000000F.00000002.3213558547.0000025C70D96000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager}#?
Source: installer.exe, 0000000F.00000003.3162070181.0000025C70E27000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progmanell
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC608D0 cpuid 0_2_00007FF73CC608D0
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF73CC5CDCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: EnumSystemLocalesW, 0_2_00007FF73CC55D2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: EnumSystemLocalesW, 0_2_00007FF73CC5CD34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: GetLocaleInfoW, 0_2_00007FF73CC5D014
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_00007FF73CC5C908
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: GetLocaleInfoW, 0_2_00007FF73CC5607C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF73CC5D16C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: GetLocaleInfoW, 0_2_00007FF73CC5D21C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF73CC5D350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: EnumSystemLocalesW, 0_2_00007FF73CC5CC64
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 3_2_00D33117
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: EnumSystemLocalesW, 3_2_00D333C3
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetLocaleInfoEx,FormatMessageA, 3_2_00D2239E
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: EnumSystemLocalesW, 3_2_00D334A9
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: EnumSystemLocalesW, 3_2_00D3340E
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 3_2_00D33534
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetLocaleInfoW, 3_2_00D33787
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 3_2_00D338B0
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetLocaleInfoW, 3_2_00D339B6
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 3_2_00D33A8C
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: EnumSystemLocalesW, 3_2_00D2CA14
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: GetLocaleInfoW, 3_2_00D2CF23
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Code function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar, 12_2_004021B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: GetLocaleInfoW, 13_2_0034769C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: GetLocaleInfoW, 14_2_0034769C
Queries the installation date of Windows
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Queries the product ID of Windows
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\installer_prefs_include.json VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\root_files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\installer.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\doh_providers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\ab_tests.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\server_tracking_data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLight.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLight.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Medium.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLight.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Medium.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\013E742B-287B-4228-A0B9-BD617E4E02A4.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\07593226-C5C5-438B-86BE-3F6361CD5B10.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\1CF37043-6733-479C-9086-7B21A2292DDA.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\2F8F0E41-F521-45A4-9691-F664AFAFE67F.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\66DD4BB6-A3BA-4B11-AF7A-F4BF23E073B2.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\FDC2CCAB-E8F9-4620-91DD-B0B67285997C.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\video_conference_popout.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\continue_shopping.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\domain_suggestions.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\browser.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\siteprefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\partner_speeddials.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\daily_wallpapers.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ThinItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ThinItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Underwave-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Web\Wallpaper\Windows\img0.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Medium.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ThinItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Underwave-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Underwave-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Medium.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Medium.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Underwave-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraLightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Italic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-LightItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Medium.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Medium.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-MediumItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Regular.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-SemiBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Thin.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Underwave-Bold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Black.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BlackItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-BoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBold.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ExtraBoldItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-Light.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\resources\fonts\Inter-ThinItalic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\114.0.5282.123\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_002ACB18 GetVersion,CreateNamedPipeW, 13_2_002ACB18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe Code function: 0_2_00007FF73CC480A4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF73CC480A4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_00210746 GetUserNameW,GetNamedSecurityInfoW,GetNamedSecurityInfoW,GetExplicitEntriesFromAclW,CheckTokenMembership,BuildExplicitAccessWithNameW,SetEntriesInAclW,SetEntriesInAclW,LocalFree,LocalFree,LocalFree,LocalFree,SetNamedSecurityInfoW,SetNamedSecurityInfoW,LocalFree,LocalFree, 13_2_00210746
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410291037121\assistant\assistant_installer.exe Code function: 13_2_0033F7E2 GetTimeZoneInformation, 13_2_0033F7E2
Source: C:\Users\user\AppData\Local\Temp\OperaGXInstaller\OperaGXInstaller.exe Code function: 3_2_00D01C57 GetVersion,GetModuleHandleW,GetProcAddress,GetSystemDirectoryW,LoadLibraryExW, 3_2_00D01C57
Source: C:\Users\user\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Adds / modifies Windows certificates
Source: C:\Users\user\AppData\Local\Temp\7zSC91E97EB\setup.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 Blob Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1544572 Sample: SecuriteInfo.com.Adware.Ele... Startdate: 29/10/2024 Architecture: WINDOWS Score: 34 118 Malicious sample detected (through community Yara rule) 2->118 120 Multi AV Scanner detection for submitted file 2->120 122 Contains functionality to register a low level keyboard hook 2->122 11 SecuriteInfo.com.Adware.Elemental.22.22509.21519.exe 16 2->11         started        15 opera_autoupdate.exe 2->15         started        process3 dnsIp4 112 185.26.182.112 NO-OPERANO Norway 11->112 98 C:\Users\user\...\OperaGXInstaller.exe, PE32 11->98 dropped 100 C:\Users\user\AppData\...\OperaGXSetup[1].exe, PE32 11->100 dropped 17 OperaGXInstaller.exe 2 11->17         started        114 82.145.216.20 NO-OPERANO United Kingdom 15->114 116 127.0.0.1 unknown unknown 15->116 102 C:\Users\user\AppData\Local\...\installer.exe, PE32+ 15->102 dropped 20 opera_autoupdate.exe 15->20         started        file5 process6 file7 60 C:\Users\user\AppData\Local\...\setup.exe, PE32 17->60 dropped 22 setup.exe 50 17->22         started        process8 dnsIp9 106 185.26.182.111 NO-OPERANO Norway 22->106 108 185.26.182.122 NO-OPERANO Norway 22->108 110 7 other IPs or domains 22->110 72 Opera_GX_assistant....exe_sfx.exe (copy), PE32 22->72 dropped 74 Opera_installer_2410291437108383928.dll, PE32 22->74 dropped 76 C:\Users\user\AppData\Local\...\setup.exe, PE32 22->76 dropped 78 4 other files (none is malicious) 22->78 dropped 26 setup.exe 1 178 22->26         started        29 Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe 5 22->29         started        31 setup.exe 5 22->31         started        33 2 other processes 22->33 file10 process11 file12 80 C:\Users\user\AppData\Local\...\installer.exe, PE32+ 26->80 dropped 82 Opera_installer_2410291437126772788.dll, PE32 26->82 dropped 84 C:\Users\user\AppData\...\win8_importing.dll, PE32+ 26->84 dropped 96 20 other files (none is malicious) 26->96 dropped 35 installer.exe 26->35         started        39 setup.exe 4 26->39         started        86 C:\Users\user\AppData\Local\...\mojo_core.dll, PE32 29->86 dropped 88 C:\Users\user\...\browser_assistant.exe, PE32 29->88 dropped 90 C:\Users\user\...\assistant_installer.exe, PE32 29->90 dropped 92 Opera_installer_2410291437111626972.dll, PE32 31->92 dropped 94 Opera_installer_2410291437117157164.dll, PE32 33->94 dropped 41 assistant_installer.exe 2 33->41         started        process13 file14 62 Opera_installer_2410291438317856856.dll, PE32+ 35->62 dropped 64 C:\Users\user\AppData\Local\...\opera.exe, PE32+ 35->64 dropped 66 C:\Users\user\...\opera_autoupdate.exe, PE32+ 35->66 dropped 70 2 other files (none is malicious) 35->70 dropped 124 Installs a global event hook (focus changed) 35->124 43 EwdhIsAfAL.exe 35->43 injected 46 explorer.exe 35->46 injected 48 installer.exe 35->48         started        51 15 other processes 35->51 68 C:\...\Opera_installer_241029143713033712.dll, PE32 39->68 dropped signatures15 process16 file17 126 Found direct / indirect Syscall (likely to bypass EDR) 43->126 53 opera.exe 46->53         started        58 Opera_installer_2410291438320976684.dll, PE32+ 48->58 dropped 56 opera_crashreporter.exe 51->56         started        signatures18 process19 dnsIp20 104 192.168.2.6 unknown unknown 53->104
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
82.145.217.121
 unknown United Kingdom
39832 NO-OPERANO false
82.145.216.20
 unknown United Kingdom
39832 NO-OPERANO false
104.18.25.17
 unknown United States
13335 CLOUDFLARENETUS false
82.145.216.19
 unknown United Kingdom
39832 NO-OPERANO false
185.26.182.111
 unknown Norway
39832 NO-OPERANO false
185.26.182.122
 unknown Norway
39832 NO-OPERANO false
185.26.182.112
 unknown Norway
39832 NO-OPERANO false
185.26.182.123
 unknown Norway
39832 NO-OPERANO false
104.18.10.89
 unknown United States
13335 CLOUDFLARENETUS false
192.229.221.95
 unknown United States
15133 EDGECASTUS false
23.38.98.86
 unknown United States
16625 AKAMAI-ASUS false

Private

IP
192.168.2.6
127.0.0.1