Edit tour

Windows Analysis Report
CuteWriter.exe

Overview

General Information

Sample name:	CuteWriter.exe
Analysis ID:	1427639
MD5:	4ba5a70c0123a687edd954946156c04f
SHA1:	09536c4652e9af34ef91d675991cddb749dc57ec
SHA256:	72561349751266c51f2d48b6dd42f94148a90f4c678de0f5db9f5ae431e12649
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Compliance

Score:	36
Range:	0 - 100

Signatures

Found direct / indirect Syscall (likely to bypass EDR)

Installs a global event hook (focus changed)

Binary contains a suspicious time stamp

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

EXE planting / hijacking vulnerabilities found

Extensive use of GetProcAddress (often used to hide API calls)

Found decision node followed by non-executed suspicious APIs

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTML page contains hidden URLs or javascript code

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Analysis Advice

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample searches for specific file, try point organization specific fake files to the analysis machine

Process Tree

System is w10x64

CuteWriter.exe (PID: 6852 cmdline: "C:\Users\user\Desktop\CuteWriter.exe" MD5: 4BA5A70C0123A687EDD954946156C04F)

CuteWriter.tmp (PID: 4632 cmdline: "C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp" /SL5="$20446,5944588,56832,C:\Users\user\Desktop\CuteWriter.exe" MD5: FFCF263A020AA7794015AF0EDEE5DF0B)

Setup.exe (PID: 6500 cmdline: "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe" /inscpw4 -d"C:\Program Files (x86)\CutePDF Writer" MD5: A8EFE2A017079497FE948191F8904A17)

converter.exe (PID: 2416 cmdline: C:\Users\user\AppData\Local\Temp\\converter.exe /auto MD5: BF9F58A65F6954406E6DCD29BB458A19)

unInstcpw64.exe (PID: 2652 cmdline: unInstcpw64.exe /copy MD5: 7B17AE1C9AED3C8C89FF6CDEF68F9FD5)

splwow64.exe (PID: 6904 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)

chrome.exe (PID: 5224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1640,i,13590044467732800076,8352524087445346693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

OperaSetup.exe (PID: 2520 cmdline: "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --silent --allusers=0 MD5: 3C51B6EED283BBE7D10772DDE9BFFFB7)

OperaSetup.exe (PID: 7228 cmdline: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6c1821c8,0x6c1821d4,0x6c1821e0 MD5: 3C51B6EED283BBE7D10772DDE9BFFFB7)

OperaSetup.exe (PID: 7624 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version MD5: 3C51B6EED283BBE7D10772DDE9BFFFB7)

OperaSetup.exe (PID: 7716 cmdline: "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2520 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240417224118" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6805000000000000 MD5: 3C51B6EED283BBE7D10772DDE9BFFFB7)

OperaSetup.exe (PID: 7756 cmdline: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x300,0x304,0x308,0x2c8,0x30c,0x6b5d21c8,0x6b5d21d4,0x6b5d21e0 MD5: 3C51B6EED283BBE7D10772DDE9BFFFB7)

installer.exe (PID: 7120 cmdline: "C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe" --backend --initial-pid=2520 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --install-subfolder=109.0.5097.45 MD5: 053ADC8C34F1ECB38BCA1C6832DD27AC)

installer.exe (PID: 6156 cmdline: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x278,0x27c,0x280,0x274,0x250,0x7ffdf9937c80,0x7ffdf9937c8c,0x7ffdf9937c98 MD5: 053ADC8C34F1ECB38BCA1C6832DD27AC)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

assistant_installer.exe (PID: 5828 cmdline: "C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\user\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0 MD5: 976BC8E5FE65F9BB56831E20F1747150)

assistant_installer.exe (PID: 5428 cmdline: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x210,0x208,0x234,0x20c,0x238,0x1126038,0x1126044,0x1126050 MD5: 976BC8E5FE65F9BB56831E20F1747150)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 3468 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 4412 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 1740 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 5756 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 5844 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 3808 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 3684 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

assistant_installer.exe (PID: 3748 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --installfolder="C:\Users\user\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0 MD5: 976BC8E5FE65F9BB56831E20F1747150)

assistant_installer.exe (PID: 2032 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x9a6038,0x9a6044,0x9a6050 MD5: 976BC8E5FE65F9BB56831E20F1747150)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 4928 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 3244 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 3568 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WJViQqIQpkJHwwlXNjpzvf.exe (PID: 4108 cmdline: "C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

Assistant_109.0.5097.45_Setup.exe_sfx.exe (PID: 7668 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe" MD5: 15D8C8F36CEF095A67D156969ECDB896)

assistant_installer.exe (PID: 744 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --version MD5: 976BC8E5FE65F9BB56831E20F1747150)

assistant_installer.exe (PID: 5284 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x9a6038,0x9a6044,0x9a6050 MD5: 976BC8E5FE65F9BB56831E20F1747150)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe, ProcessId: 3748, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Opera Browser Assistant

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\opera.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer_helper_64.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_gx_splash.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera.exe
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe

Phishing

HTML page contains hidden URLs or javascript code

Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=600&slotname=8138180617&adk=373269726&adf=126291155&pi=t.ma~as.8138180617&w=160&lmt=1713386480&format=160x600&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713386479208&bpp=1&bdt=1018&idt=1057&shv=r20240415&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=728x90&correlator=464567931983&frm=20&pv=1&ga_vid=983432702.1713386479&ga_sid=1713386480&ga_hid=274577743&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=867&ady=420&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31082771%2C42532523%2C44798934%2C95328467%2C95329428%2C31082835%2C95322329%2C95329830&oid=2&pvsid=1167234827264558&tmod=1431185080&uas=0&nvt=1&f...

HTTP Parser: Base64 decoded: MM0BUB-BYBgBcBshgFGAIiAQA\u0026sigh=C_gINU4rE7s\u0026cid=CAQSTwB7FLtqKM23G5I1wz6Pkbawvciq7zXz_J1cS84W8zSH3oX03n5AlaH3iLKFL2sQyeuRUbG3mpem6x_M7eqs-9YvcmDHeSVx3fwCjmf6xkc",[null,null,null,"https://displayads-formats.googleusercontent.com/ads/preview/content...

Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=600&slotname=8138180617&adk=373269726&adf=126291155&pi=t.ma~as.8138180617&w=160&lmt=1713386480&format=160x600&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713386479208&bpp=1&bdt=1018&idt=1057&shv=r20240415&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=728x90&correlator=464567931983&frm=20&pv=1&ga_vid=983432702.1713386479&ga_sid=1713386480&ga_hid=274577743&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=867&ady=420&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31082771%2C42532523%2C44798934%2C95328467%2C95329428%2C31082835%2C95322329%2C95329830&oid=2&pvsid=1167234827264558&tmod=1431185080&uas=0&nvt=1&f...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=280&slotname=4387574616&adk=1818151991&adf=1925678805&pi=t.ma~as.4387574616&w=336&lmt=1713386480&format=336x280&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713386479209&bpp=1&bdt=1019&idt=1068&shv=r20240415&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=728x90%2C160x600&correlator=464567931983&frm=20&pv=1&ga_vid=983432702.1713386479&ga_sid=1713386480&ga_hid=274577743&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=464&ady=1814&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31082771%2C42532523%2C44798934%2C95328467%2C95329428%2C31082835%2C95322329%2C95329830&oid=2&pvsid=1167234827264558&tmod=1431185080&...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=90&slotname=6092711011&adk=1854165047&adf=3987798746&pi=t.ma~as.6092711011&w=728&lmt=1713386480&format=728x90&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713386479204&bpp=4&bdt=1014&idt=1034&shv=r20240415&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=464567931983&frm=20&pv=2&ga_vid=983432702.1713386479&ga_sid=1713386480&ga_hid=274577743&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=144&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31082771%2C42532523%2C44798934%2C95328467%2C95329428%2C31082835%2C95322329%2C95329830&oid=2&pvsid=1167234827264558&tmod=1431185080&uas=0&nvt=1&fc=896&brdim=0%2C0...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=90&slotname=6092711011&adk=1854165047&adf=3987798746&pi=t.ma~as.6092711011&w=728&lmt=1713386480&format=728x90&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713386479204&bpp=4&bdt=1014&idt=1034&shv=r20240415&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=464567931983&frm=20&pv=2&ga_vid=983432702.1713386479&ga_sid=1713386480&ga_hid=274577743&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=144&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31082771%2C42532523%2C44798934%2C95328467%2C95329428%2C31082835%2C95322329%2C95329830&oid=2&pvsid=1167234827264558&tmod=1431185080&uas=0&nvt=1&fc=896&brdim=0%2C0...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271803&client=ca-pub-6555658820068848&fa=3&ifi=7&uci=a!7&btvi=2	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-2-&adk=1812271804&client=ca-pub-6555658820068848&fa=4&ifi=8&uci=a!8&btvi=3	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-2-&adk=1812271804&client=ca-pub-6555658820068848&fa=4&ifi=8&uci=a!8&btvi=3	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-2-&adk=1812271804&client=ca-pub-6555658820068848&fa=4&ifi=8&uci=a!8&btvi=3	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-6555658820068848&fa=8&ifi=6&uci=a!6	HTTP Parser: No favicon
Source: https://p4-aw7vdoaqd4hlw-pa4eu276oujsn2dp-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-3-&adk=1812271801&client=ca-pub-6555658820068848&fa=1&ifi=9&uci=a!9&btvi=4	HTTP Parser: No favicon
Source: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon

Bitcoin Miner

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION browser_assistant.exe

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\opera.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer_helper_64.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_gx_splash.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera.exe
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	EXE: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe

Uses 32bit PE files

Source: CuteWriter.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Found installer window with terms and condition text

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse Engineering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse Engineering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse Engineering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go

Creates a software uninstall entry

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CutePDF Writer Installation

Jump to behavior

Creates install or setup log file

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240417224117808.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240417224119169.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240417224144.log
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240417224221297.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240417224227.log
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240417224228.log

Creates license or readme file

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe

File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\resources\opera_intro_extension\index.js.LICENSE.txt

PE / OLE file has a valid certificate

Source: CuteWriter.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: CuteWriter.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: ps5ui.pdbH source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: _lib.dll.pdb@+ source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000000.2079178927.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000000.2087433669.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000000.2093874178.0000000000917000.00000080.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000000.2099132850.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp
Source:	Binary string: pscript5.pdb source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.00000000006B1000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.0000000000171000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: _lib.dll.pdb source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000000.2079178927.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000000.2087433669.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000000.2093874178.0000000000917000.00000080.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000000.2099132850.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb@+ source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: ps5ui.pdb source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: .pdb.dbg source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: pscript5.pdbH source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: .pdb@ source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000000.2079178927.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000000.2087433669.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000000.2093874178.0000000000917000.00000080.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000000.2099132850.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb@ source: OperaSetup.exe, 0000000A.00000002.2957530474.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.00000000006B1000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.0000000000171000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: dbghelp.pdb source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: \Unknown exceptionbad array new length.pdbSymbols loaded successfully. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00452AD4 FindFirstFileA,GetLastError,	1_2_00452AD4
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0046417C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0046417C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004645F8 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_004645F8
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00462BF0 FindFirstFileA,FindNextFileA,FindClose,	1_2_00462BF0
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00498FDC FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00498FDC
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00475798 FindFirstFileA,FindNextFileA,FindClose,	1_2_00475798
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_00403285 GlobalAlloc,FindFirstFileA,lstrcpyA,FindClose,	6_2_00403285
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_004010A3 FindFirstFileA,FindClose,	6_2_004010A3
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_00403DAF lstrlenA,lstrcpyA,lstrcatA,FindFirstFileA,GetTickCount,lstrcpyA,lstrcatA,RemoveDirectoryA,GetTickCount,GetTickCount,FindNextFileA,FindClose,RemoveDirectoryA,MessageBoxA,	6_2_00403DAF
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Code function: 7_2_00401140 lstrcpyA,strrchr,FindFirstFileA,lstrcpyA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,	7_2_00401140

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\	Jump to behavior

Software Vulnerabilities

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe

Code function: 4x nop then lea rdx, qword ptr [rsp+00000270h]

7_2_00401140

Networking

Source: OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: frame-src https://www.youtube.com https://player.vimeo.com https://vimeo.com; worker-src 'none'; frame-ancestors 'none'; img-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com data: https://secure.gravatar.com https://www.gravatar.com https://i1.wp.com https://i.ytimg.com https://i.vimeocdn.com https://www.google-analytics.com https://forums.opera.com; base-uri 'self'; form-action 'self' https://forums.opera.com; default-src 'none'; script-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com 'report-sample' https://www.google-analytics.com 'nonce-tZczxVGjzT7YCkdhmrwTUg=='; font-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com https://fonts.gstatic.com; block-all-mixed-content; media-src https://addons-media.operacdn.com/media/; connect-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com https://sentry-relay.opera-api.com https://www.google-analytics.com https://www.opera.com https://forums.opera.com; style-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com; report-uri https://sentry-relay.opera-api.com/api/170/security/?sentry_key=8718908c4bc211ed9f0d161f2d7f9658 equals www.youtube.com (Youtube)
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: style-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com; block-all-mixed-content; connect-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com https://sentry-relay.opera-api.com https://www.google-analytics.com https://www.opera.com https://forums.opera.com; media-src https://addons-media.operacdn.com/media/; frame-ancestors 'none'; script-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com 'report-sample' https://www.google-analytics.com; font-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com https://fonts.gstatic.com; frame-src https://www.youtube.com https://player.vimeo.com https://vimeo.com; default-src 'none'; img-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com data: https://secure.gravatar.com https://www.gravatar.com https:// equals www.youtube.com (Youtube)
Source: OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policystyle-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com; block-all-mixed-content; connect-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com https://sentry-relay.opera-api.com https://www.google-analytics.com https://www.opera.com https://forums.opera.com; media-src https://addons-media.operacdn.com/media/; frame-ancestors 'none'; script-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com 'report-sample' https://www.google-analytics.com; font-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com https://fonts.gstatic.com; frame-src https://www.youtube.com https://player.vimeo.com https://vimeo.com; default-src 'none'; img-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com data: https://secure.gravatar.com https://www.gravatar.com https://i1.wp.com https://i.ytimg.com https://i.vimeocdn.com https://www.google-analytics.com https://forums.opera.com; worker-src 'none'; base-uri 'self'; form-action 'self' https://forums.opera.com; report-uri https://sentry-relay.opera-api.com/api/170/security/?sentry_key=8718908c4bc211ed9f0d161f2d7f9658 equals www.youtube.com (Youtube)
Source: OperaSetup.exe	String found in binary or memory: hatsapp.com/legal; and c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/l equals www.facebook.com (Facebook)
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000002.3021530576.00000C44002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: onts.gstatic.com; frame-src https://www.youtube.com https://player.vimeo.com https://vimeo.com; default-src 'none'; img-src 'self' https://addons-static.operacdn.com https://addons-media.operacdn.com data: https://secure.gravatar.com https://www.gravatar.cm) equals www.youtube.com (Youtube)
Source: chrome.exe, 00000009.00000002.3049193326.00000C4401788000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)

Source: chrome.exe, 00000009.00000002.3016981278.00000C440000C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000009.00000002.3023531674.00000C44003B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498ange
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502c
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901b
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901q
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000009.00000002.3028266221.00000C44007BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375xE
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000009.00000002.3024244660.00000C4400480000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: OperaSetup.exe	String found in binary or memory: http://autoupdate-staging.services.ams.osa/
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1876450342.0000000000546000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2341396918.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.000000000131F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.2051296710.0000000000527000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1876450342.0000000000546000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000052A000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331950671.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2341267748.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.000000000131F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1876450342.0000000000546000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2341396918.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.000000000131F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Setup.exe, 00000003.00000003.1876450342.0000000000546000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digih
Source: Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: chrome.exe, 00000009.00000002.3019018901.00000C4400134000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3018416414.00000C44000E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5H
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVl
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000009.00000002.3064180517.00000C44036DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000009.00000002.3064180517.00000C44036DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx349.1/
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkihi
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmppeemjh
Source: chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocm
Source: chrome.exe, 00000009.00000002.3019622614.00000C440018C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567854667.14/ob
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/awbwhkldc27ygywhstypg77e7m_8679/hfnkpimlhhgieaddgfemj
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanleaf
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/dvwmczhfksazn5mwlykzsdqv6u_2024.3.27.0/gonpemdgkjcecd
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/e7xo23p2hym36lpmqsgqlzfmwe_3026/jflookgnkcckhobaglndi
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/fpkk4dndblzegbba53f5uoxbqm_927/efniojlnjndmcbiieegkic
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcji
Source: chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/nujou4crtv5zkn6bgthixtooam_2024.3.25.1/kiabhabjdbkjdp
Source: chrome.exe, 00000009.00000002.3043956038.00000C440129C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkkehgbnf
Source: chrome.exe, 00000009.00000002.3049873467.00000C440180C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
Source: Setup.exe, Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: http://download.acrosoftware.com/download/converter.asp?V=P1
Source: Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: http://download.acrosoftware.com/download/converter.asp?V=P1http://download.cutepdf.com/download/con
Source: Setup.exe, Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: http://download.cutepdf.com/download/converter.asp?V=P1
Source: Setup.exe, Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000003.2051296710.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.cutepdf.com/download/converter2.asp
Source: Setup.exe, 00000003.00000003.2051296710.0000000000527000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000052A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.cutepdf.com/download/converter2.aspDR
Source: Setup.exe, 00000003.00000003.2051296710.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.0000000000565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.cutepdf.com/download/converter2.aspf/
Source: Setup.exe, 00000003.00000002.2051877549.000000000050E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.cutepdf.com/download/converter2.aspz
Source: Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.cutepdf.com/download/gplgs.exe
Source: Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.cutepdf.com/download/gplgs.exe71
Source: chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01u
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/
Source: chrome.exe, 00000009.00000002.3048290210.00000C4401658000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_
Source: chrome.exe, 00000009.00000002.3039431558.00000C4400F8C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebnd
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjk
Source: chrome.exe, 00000009.00000002.3019147771.00000C440014C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/awbwhkldc27ygywhstypg77e7m_8679/hfnkpimlh
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3025052042.00000C4400520000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dvwmczhfksazn5mwlykzsdqv6u_2024.3.27.0/go
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/e7xo23p2hym36lpmqsgqlzfmwe_3026/jflookgnk
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fpkk4dndblzegbba53f5uoxbqm_927/efniojlnjn
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/nei
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbog
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/nujou4crtv5zkn6bgthixtooam_2024.3.25.1/ki
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.120
Source: chrome.exe, 00000009.00000002.3017425933.00000C440008E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://localhost:3001api/prefs/?product=$1&version=$2..
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.2051296710.0000000000527000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1876450342.0000000000546000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000052A000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331950671.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2341267748.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.000000000131F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1876450342.0000000000546000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2341396918.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.000000000131F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2979424734.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314883688.0000000056B54000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHF
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946
Source: chrome.exe, 00000009.00000002.3048290210.00000C4401658000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000009.00000002.3030946393.00000C4400998000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000009.00000002.3031153629.00000C44009BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000009.00000002.3031153629.00000C44009BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/a
Source: CuteWriter.tmp, 00000001.00000003.2102555707.0000000002128000.00000004.00001000.00020000.00000000.sdmp, Setup.exe, Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.CutePDF.com
Source: Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.CutePDF.comCutePDF
Source: Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.CutePDF.comInstallLocationDisplayIconPublisherAcro
Source: converter.exe, 00000006.00000002.2140275800.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.artifex.com
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, Setup.exe, 00000003.00000003.1875230195.0000000002017000.00000004.00000020.00020000.00000000.sdmp, unInstcpw64.exe, 00000007.00000002.2046563842.000000000054B000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUVi
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-L
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000009.00000002.3064180517.00000C44036DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnn
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmppe
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkk
Source: chrome.exe, 00000009.00000002.3019622614.00000C440018C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567854667.1
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/awbwhkldc27ygywhstypg77e7m_8679/hfnkpimlhhgieaddg
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/dvwmczhfksazn5mwlykzsdqv6u_2024.3.27.0/gonpemdgkj
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/e7xo23p2hym36lpmqsgqlzfmwe_3026/jflookgnkcckhobag
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/fpkk4dndblzegbba53f5uoxbqm_927/efniojlnjndmcbiiee
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindgg
Source: chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhl
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/nujou4crtv5zkn6bgthixtooam_2024.3.25.1/kiabhabjdb
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkkeh
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: CuteWriter.tmp, CuteWriter.tmp, 00000001.00000000.1652728046.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: CuteWriter.exe, CuteWriter.exe, 00000000.00000002.2107375002.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: CuteWriter.exe, 00000000.00000002.2107375002.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: OperaSetup.exe, 0000000A.00000003.2372451614.0000000056B64000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2314908527.0000000056B64000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com
Source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2103201578.000000000018C000.00000004.00000010.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2092734124.0000000003998000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.000000000131F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.opera.com0
Source: OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com3
Source: CuteWriter.exe, 00000000.00000003.1652232868.0000000002164000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.exe, 00000000.00000003.1651757759.00000000023F0000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, CuteWriter.tmp, 00000001.00000000.1652728046.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: CuteWriter.exe, 00000000.00000003.1652232868.0000000002164000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.exe, 00000000.00000003.1651757759.00000000023F0000.00000004.00001000.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000000.1652728046.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: converter.exe, 00000006.00000003.2134893707.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000006.00000003.2134308527.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000006.00000002.2140720937.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winzip.co
Source: converter.exe, 00000006.00000002.2140720937.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winzip.com
Source: converter.exe, 00000006.00000003.2134893707.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000006.00000003.2134308527.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000006.00000002.2140720937.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winzip.comCan
Source: converter.exe, 00000006.00000003.2134893707.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000006.00000003.2134308527.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, converter.exe, 00000006.00000002.2140720937.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.winzip.comThis
Source: chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000009.00000002.3017425933.00000C4400064000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000009.00000002.3023531674.00000C44003B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000009.00000002.3016981278.00000C440000C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000009.00000002.3018041209.00000C44000A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000009.00000002.3018041209.00000C44000A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000009.00000002.3018041209.00000C44000A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000009.00000002.3017425933.00000C4400064000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000009.00000002.3023531674.00000C44003B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comD
Source: chrome.exe, 00000009.00000002.3050037957.00000C4401824000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ad.oub
Source: OperaSetup.exe, 0000000A.00000003.2857456190.000000000130E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/
Source: OperaSetup.exe, 0000000A.00000003.2857456190.000000000130E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/J
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crx
Source: OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crx.
Source: OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crx2
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crxL
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crxid
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crxt
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crxy
Source: OperaSetup.exe, 0000000A.00000003.2857456190.000000000130E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-media.oper3)
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-media.operacdn.com
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-media.operacdn.com/media/;
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-media.operacdn.com;
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons-static.operacdn.com
Source: OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.000000000129F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com
Source: OperaSetup.exe, 0000000A.00000003.2857546430.00000000012E1000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/
Source: OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: OperaSetup.exe	String found in binary or memory: https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4f
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4f.opera.com
Source: OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857546430.00000000012E1000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4f/
Source: OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4fionKeyBackward
Source: OperaSetup.exe, 0000000A.00000002.2991912952.0000000056AEC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4ftro.crx=cpdf_so
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://addons.opera.com/toupdate=1&ni=1
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000009.00000002.3023531674.00000C44003B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3023531674.00000C44003B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847&
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000009.00000003.2817042856.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2800783734.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2884805520.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857546430.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera&version=108.0.5067.20
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857546430.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/api/prefs/?product=Opera&version=108.0.5067.20g
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/geolocation/
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/geolocation/d
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktophttps://cr
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/m
Source: OperaSetup.exe, 0000000A.00000003.2341396918.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857546430.00000000012E1000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2112391984.00000000012E3000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012DD000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115240271.00000000012E1000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64
Source: OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64m
Source: chrome.exe, 00000009.00000002.3027563051.00000C440072C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 00000009.00000002.3033023389.00000C4400BA4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000009.00000002.3033023389.00000C4400BA4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000009.00000002.3032496198.00000C4400B28000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000009.00000002.3017788001.00000C4400098000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000009.00000002.3017788001.00000C4400098000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 00000009.00000002.3030946393.00000C4400998000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000009.00000002.3016981278.00000C440000C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000009.00000002.3030653605.00000C4400978000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033023389.00000C4400BA4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000009.00000002.3033023389.00000C4400BA4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en106243
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreD
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000009.00000002.3067338151.0000136400794000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000009.00000002.3067338151.0000136400794000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/(
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/(TrustTokenOperationsRequiringOriginTrial#all-operat
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000009.00000002.3016981278.00000C440000C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000009.00000002.3038193857.00000C4400EE8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000009.00000002.3027382750.00000C44006FC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3016981278.00000C440000C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3018287237.00000C44000D0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033023389.00000C4400BA4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3027670428.00000C4400752000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000009.00000002.2982827483.0000003CBE7FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxD
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C91000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://convertgetpdf.com
Source: chrome.exe, 00000009.00000002.3040654036.00000C4401030000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://convertgetpdf.com%22
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C91000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://convertwithwave.com
Source: chrome.exe, 00000009.00000002.3040654036.00000C4401030000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://convertwithwave.com%22
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: OperaSetup.exe, 0000000D.00000002.2974456633.00000000013A0000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000003.2106095274.000000003E4D0000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit
Source: OperaSetup.exe, 00000010.00000002.2921561634.0000000001108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit--annotation=channel=Stable--annotation=plat=
Source: OperaSetup.exe, 0000000D.00000002.2982947605.000000002E054000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit--monitor-self-annotation=ptype=crashpad-hand
Source: OperaSetup.exe, 0000000D.00000002.2983148512.000000002E05C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit.
Source: OperaSetup.exe, 0000000D.00000002.2982008055.000000002E024000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submit0x2e4
Source: OperaSetup.exe, 0000000D.00000002.2982008055.000000002E024000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submitC:
Source: OperaSetup.exe, 0000000D.00000002.2984835399.000000002E0B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashstats-collector.opera.com/collector/submithttps://crashstats-collector.opera.com/collec
Source: chrome.exe, 00000009.00000002.3038482090.00000C4400F08000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E40D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control:
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E40D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3038482090.00000C4400F08000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1d
Source: chrome.exe, 00000009.00000002.3033684276.00000C4400C18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1tD
Source: chrome.exe, 00000009.00000002.3006431561.000001A620C1D000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/other
Source: chrome.exe, 00000009.00000002.3006431561.000001A620C1D000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/otherCross-Origin-Opener-Policy:
Source: chrome.exe, 00000009.00000002.3006431561.000001A620C1D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/otherr
Source: chrome.exe, 00000009.00000002.3006431561.000001A620C1D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/otherrj
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E40D000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/mysidia
Source: chrome.exe, 00000009.00000002.3027866508.00000C440075C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060868982.00000C4402934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061776441.00000C4402B64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3048397770.00000C440166C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/recaptcha/1
Source: chrome.exe, 00000009.00000002.3061776441.00000C4402B64000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/recaptcha/1D
Source: chrome.exe, 00000009.00000002.3048397770.00000C440166C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/recaptcha/1L
Source: chrome.exe, 00000009.00000002.3062280169.00000C4402BCC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/recaptcha/1X-Content-Type-Options:
Source: chrome.exe, 00000009.00000002.3060493740.00000C44028E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060868982.00000C4402934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3048397770.00000C440166C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/recaptcha/1e
Source: chrome.exe, 00000009.00000002.3060868982.00000C4402934000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/recaptcha/1eon
Source: chrome.exe, 00000009.00000002.3006431561.000001A620C1D000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/other
Source: chrome.exe, 00000009.00000002.3062280169.00000C4402BCC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/recaptcha
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E40D000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059530326.00000C4402754000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/static-on-bigtable
Source: chrome.exe, 00000009.00000002.3044361567.00000C44012E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2800783734.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2884805520.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/static-on-bigtable;
Source: chrome.exe, 00000009.00000002.3062085612.00000C4402BA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/static-on-bigtableoD
Source: chrome.exe, 00000009.00000002.3044056261.00000C44012B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3006803549.000001A620C80000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.com
Source: chrome.exe, 00000009.00000002.3030653605.00000C4400978000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045870949.00000C440150C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050250427.00000C4401850000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3037731272.00000C4400EA8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3048884177.00000C4401744000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058302574.00000C44021B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3044361567.00000C44012E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058165434.00000C4402194000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3055414776.00000C4401EE4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058227837.00000C44021B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059452971.00000C4402740000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3028266221.00000C44007BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3017425933.00000C4400064000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059712235.00000C4402788000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039327853.00000C4400F7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/.js
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/2
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/2019
Source: chrome.exe, 00000009.00000002.3037731272.00000C4400EA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/h
Source: chrome.exe, 00000009.00000002.3045870949.00000C440150C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3048884177.00000C4401744000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058302574.00000C44021B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058165434.00000C4402194000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3057597842.00000C44020BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/licy
Source: chrome.exe, 00000009.00000002.3050250427.00000C4401850000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/om
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/om/
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/s
Source: chrome.exe, 00000009.00000002.3058227837.00000C44021B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.com/yndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C80000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comh
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://convertgetpdf.com
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://convertgetpdf.comhttps://www.cutepdf-editor.comhttps://www.googlea
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://convertwithwave.com
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://convertwithwave.comhttps://www.cutepdf-editor.comhttps://www.googl
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://geteasypdf.com
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://geteasypdf.comhttps://www.cutepdf-editor.comhttps://www.googleadse
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://pcapp.store
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://pcapp.storehttps://www.cutepdf-editor.comhttps://www.googleadservi
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C8C000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://viewpdf.net
Source: chrome.exe, 00000009.00000002.3051176145.00000C4401A45000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cutepdf-editor.comhttps://viewpdf.nethttps://www.cutepdf-editor.comhttps://www.googleadservi
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: OperaSetup.exe, 0000000A.00000002.2976627785.000000000129F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/)c
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/-
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software//
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/1
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/3c4ccf3.crx
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/C
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/L
Source: OperaSetup.exe, 0000000A.00000003.2115240271.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/SysWOW64
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/U
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/W
Source: OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/a
Source: OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/i
Source: OperaSetup.exe, 0000000A.00000003.2382423451.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/l
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/1
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/W
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/i
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/s
Source: OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/staller
Source: OperaSetup.exe, 0000000A.00000003.2341396918.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/ssSignCertificateDecodeExDllFuncName
Source: OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary0.53-DNA-116018-opera_intro.crx
Source: OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary0.53-DNA-116018-opera_intro.crxWh)3
Source: OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary5
Source: OperaSetup.exe, 0000000A.00000003.2331950671.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryB
Source: OperaSetup.exe, 0000000A.00000003.2390127095.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryC
Source: OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryK
Source: OperaSetup.exe, 0000000A.00000003.2245114633.00000000012DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryL
Source: OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryO
Source: OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryQ
Source: OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.000000000129F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarya
Source: OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarydOIDInfo
Source: OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryemp
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software(
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software20
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwareC
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwarecrx
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwarecrxl
Source: OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryom
Source: OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryom.edgekey.net
Source: OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarys
Source: OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryy
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ2Tm5
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUV
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000009.00000002.3064180517.00000C44036DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkih
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmppeemj
Source: chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcoc
Source: chrome.exe, 00000009.00000002.3019622614.00000C440018C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567854667.14/o
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/awbwhkldc27ygywhstypg77e7m_8679/hfnkpimlhhgieaddgfem
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/dvwmczhfksazn5mwlykzsdqv6u_2024.3.27.0/gonpemdgkjcec
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/e7xo23p2hym36lpmqsgqlzfmwe_3026/jflookgnkcckhobaglnd
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/fpkk4dndblzegbba53f5uoxbqm_927/efniojlnjndmcbiieegki
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcj
Source: chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaae
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/nujou4crtv5zkn6bgthixtooam_2024.3.25.1/kiabhabjdbkjd
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkkehgbn
Source: chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3021530576.00000C44002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3021530576.00000C44002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.3027563051.00000C440072C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3021530576.00000C44002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.3027563051.00000C440072C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.3050923090.00000C4401920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045870949.00000C440150C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050250427.00000C4401850000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3037731272.00000C4400EA8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3049873467.00000C440180C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059391260.00000C4402730000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058899250.00000C440256C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3047558244.00000C440161C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061653198.00000C4402B18000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045456901.00000C440149C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045973971.00000C4401530000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059452971.00000C4402740000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3057982443.00000C4402134000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060493740.00000C44028E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3044918462.00000C4401428000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060868982.00000C4402934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061776441.00000C4402B64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045707399.00000C44014DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/
Source: chrome.exe, 00000009.00000002.3045973971.00000C4401530000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3048037287.00000C4401648000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net//
Source: chrome.exe, 00000009.00000002.3039703745.00000C4400FA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/D
Source: chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/click.net/
Source: chrome.exe, 00000009.00000002.3050250427.00000C4401850000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/et
Source: chrome.exe, 00000009.00000002.3047558244.00000C440161C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061653198.00000C4402B18000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059452971.00000C4402740000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060868982.00000C4402934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050504862.00000C4401888000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3062023124.00000C4402B9C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/et/cys
Source: chrome.exe, 00000009.00000002.3058485011.00000C44021EC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/et/cysV
Source: chrome.exe, 00000009.00000002.3050923090.00000C4401920000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/et/cyse
Source: chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/etm
Source: chrome.exe, 00000009.00000002.3060187405.00000C440287C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/k.net/
Source: chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/m/
Source: chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/m/g=
Source: chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/me
Source: chrome.exe, 00000009.00000002.3045870949.00000C440150C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3049873467.00000C440180C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058899250.00000C440256C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3047558244.00000C440161C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061653198.00000C4402B18000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045456901.00000C440149C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045973971.00000C4401530000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059452971.00000C4402740000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3044918462.00000C4401428000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060868982.00000C4402934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045707399.00000C44014DC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058485011.00000C44021EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060187405.00000C440287C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050504862.00000C4401888000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059530326.00000C4402754000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061715078.00000C4402B34000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3062023124.00000C4402B9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058667559.00000C4402218000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/net/
Source: chrome.exe, 00000009.00000002.3048397770.00000C440166C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/net/cy
Source: chrome.exe, 00000009.00000002.3048397770.00000C440166C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/net/ithm_D
Source: chrome.exe, 00000009.00000002.3059391260.00000C4402730000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045973971.00000C4401530000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060493740.00000C44028E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061776441.00000C4402B64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045809975.00000C44014F8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050504862.00000C4401888000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://doubleclick.net/net/y
Source: OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/
Source: OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/311.2.1.40L0
Source: OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/C
Source: OperaSetup.exe, 0000000A.00000003.2112391984.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2341267748.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244869940.000000000130F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.000000000129F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2120877007.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2151832624.0000000056AB8000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=65593&autoupdate=1&ni=1&stream=stable&utm_campaign=cpdf_
Source: OperaSetup.exe, 0000000A.00000003.2857456190.000000000130E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115240271.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331950671.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2989151990.0000000056A2B000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2128166843.0000000056ABC000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2112391984.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2341267748.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=65635&autoupdate=1&ni=1
Source: OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=65635&autoupdate=1&ni=1c
Source: OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/download/get/?id=65635&autoupdate=1&ni=1i
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download.opera.com/y
Source: OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/
Source: OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/8:.6
Source: OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/ftp/pub/.assistant/109.0.5097.45/Assistant_109.0.5097.45_Setup.exe
Source: OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/ftp/pub/.assistant/109.0.5097.45/Assistant_109.0.5097.45_Setup.exe4
Source: OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://download5.operacdn.com/ftp/pub/opera/desktop/109.0.5097.45/win/Opera_109.0.5097.45_Autoupdat
Source: chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3022752757.00000C4400310000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.3033023389.00000C4400BA4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000009.00000002.3025052042.00000C4400520000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000009.00000002.3028889069.00000C4400844000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000009.00000002.3028102423.00000C4400790000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946
Source: chrome.exe, 00000009.00000002.3048290210.00000C4401658000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000009.00000002.3039431558.00000C4400F8C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebn
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmj
Source: chrome.exe, 00000009.00000002.3019147771.00000C440014C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.56
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/awbwhkldc27ygywhstypg77e7m_8679/hfnkpiml
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.130
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3025052042.00000C4400520000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dvwmczhfksazn5mwlykzsdqv6u_2024.3.27.0/g
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/e7xo23p2hym36lpmqsgqlzfmwe_3026/jflookgn
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fpkk4dndblzegbba53f5uoxbqm_927/efniojlnj
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/ne
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/nujou4crtv5zkn6bgthixtooam_2024.3.25.1/k
Source: chrome.exe, 00000009.00000002.3027222472.00000C44006DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.12
Source: OperaSetup.exe, 0000000A.00000003.2115000891.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244869940.000000000130F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2120877007.0000000001311000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-a
Source: OperaSetup.exe, 0000000A.00000003.2115000891.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2112391984.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244869940.000000000130F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108011233.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2120877007.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/
Source: OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108566837.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com//
Source: OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108566837.0000000001329000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/2
Source: OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108566837.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/3
Source: OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108566837.0000000001329000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/4
Source: OperaSetup.exe, 0000000A.00000003.2115000891.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2112391984.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244869940.000000000130F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108011233.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2120877007.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/E:Y1
Source: OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: OperaSetup.exe, 0000000A.00000003.2120877007.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=07e54957-ef59-4f0c-86
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://forums.opera.com;
Source: chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fundingchoicesmessages.google.com/_/ContributorServingWebSwitchboardHttp/cspreport
Source: chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fundingchoicesmessages.google.com/_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
Source: chrome.exe, 00000009.00000002.3055414776.00000C4401EE4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fundingchoicesmessages.google.com/f/AGSKWxUaat4ZmABnh7QLqO7P3ZY0DijEZD6iEhWPLB-HN8MmQhTNvnLL
Source: chrome.exe, 00000009.00000002.3059452971.00000C4402740000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fundingchoicesmessages.google.com/f/AGSKWxUeA9Ul6uAlbRFEtIzEGHoDbCeyoq2uDj9BhIALYcuaEZFrrSO2
Source: chrome.exe, 00000009.00000002.3055414776.00000C4401EE4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fundingchoicesmessages.google.com/f/AGSKWxWnj6KsijEUs006HYfwbHkfOyYri9DSV8-3DbK2_QGXDICufF27
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fundingchoicesmessages.google.com/i/ca-pub-6555658820068848?ers=2
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://gamemaker.io
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://gamemaker.io)
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://gamemaker.io/en/education.
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://gamemaker.io/en/get.
Source: OperaSetup.exe, 0000000A.00000003.2382423451.00000000012E4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857546430.00000000012E1000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://get.geo.opera.com/
Source: OperaSetup.exe, 0000000A.00000003.2429212125.000000000136D000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115240271.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000136E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978766318.000000000136E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2989151990.0000000056A2B000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390197651.000000000136C000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2112391984.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417757063.000000000136D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://get.geo.opera.com/.private/assistserv/opera-intro/102.0.53-DNA-116018-opera_intro.crx
Source: OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://get.geo.opera.com/.private/assistserv/opera-intro/102.0.53-DNA-116018-opera_intro.crxWh)3
Source: OperaSetup.exe, 0000000A.00000003.2390127095.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://get.geo.opera.com/.private/assistserv/opera-intro/102.0.53-DNA-116018-opera_intro.crxl
Source: OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://get.geo.opera.com/.private/assistserv/opera-intro/102.0.53-DNA-116018-opera_intro.crxxh
Source: OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://get.geo.opera.com/p-netinstaller-sub.osp.opera.software/
Source: chrome.exe, 00000009.00000002.3003937174.000001A61EAFD000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3006803549.000001A620C91000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://geteasypdf.com
Source: chrome.exe, 00000009.00000002.3040654036.00000C4401030000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://geteasypdf.com%22
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000009.00000002.3059780274.00000C44027B5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000009.00000002.3034144116.00000C4400C73000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3002580869.000001A61E6AD000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/
Source: chrome.exe, 00000009.00000002.3002284616.000001A61E677000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3021645427.00000C44002E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/aclk?nis=4&sa=l&ai=C-dkC8jMgZv_WBrP0xtYPjsWuqA7W6cuTd5TmzfGDEvuK
Source: chrome.exe, 00000009.00000002.3060619820.00000C4402900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/aclk?nis=4&sa=l&ai=CEjUI8jMgZqalBtmPvPIP-4iv4ALc4NmEdr_w0-f4Edmz
Source: chrome.exe, 00000009.00000002.3060619820.00000C4402900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/aclk?nis=4&sa=l&ai=CaaQx8jMgZoWeBvGFvPIP_t69kA6v-rDfdtez---6EsCN
Source: chrome.exe, 00000009.00000002.3051701312.00000C4401A5C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3021645427.00000C44002E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads
Source: chrome.exe, 00000009.00000002.3044056261.00000C44012B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3040419479.00000C440101C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&adk=181227
Source: chrome.exe, 00000009.00000002.3021645427.00000C44002E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058048369.00000C4402160000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3040419479.00000C440101C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3018631545.00000C44000F0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=280&slot
Source: chrome.exe, 00000009.00000002.3021645427.00000C44002E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058048369.00000C4402160000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=600&slot
Source: chrome.exe, 00000009.00000002.3021645427.00000C44002E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3040419479.00000C440101C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3003937174.000001A61EAFD000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=90&slotn
Source: chrome.exe, 00000009.00000002.3040419479.00000C440101C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/adview?ai=C2Vgo8jMgZtWoBuT3xtYPk9qQyAjr7ZiVd-nqkM7eEpy0vf
Source: chrome.exe, 00000009.00000002.3059017604.00000C44026BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/adview?ai=CCumQ8jMgZoWeBvGFvPIP_t69kA6v-rDfdtez---6EsCNtw
Source: chrome.exe, 00000009.00000002.3040419479.00000C440101C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/adview?ai=CWYbD8jMgZv_WBrP0xtYPjsWuqA7W6cuTd5TmzfGDEvuK9P
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/adview?ai=CoKO48jMgZqalBtmPvPIP-4iv4ALc4NmEdr_w0-f4Edmzl_
Source: chrome.exe, 00000009.00000002.3061464758.00000C4402AB4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/adview?ai=Cpqa88jMgZoLXBrP0xtYPjsWuqA6v-rDfdtez---6EsCNtw
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/adview?ai=CzYd38jMgZoPXBrP0xtYPjsWuqA6xrJLtdqzp28mSEmQQAS
Source: chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058425939.00000C44021DC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3057597842.00000C44020BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3057354919.00000C4402078000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Source: chrome.exe, 00000009.00000002.3055137076.00000C4401EB4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3057354919.00000C4402078000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211.asp$
Source: chrome.exe, 00000009.00000002.3037585117.00000C4400E8C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3049498740.00000C44017B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Source: chrome.exe, 00000009.00000002.3050037957.00000C4401824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA0
Source: chrome.exe, 00000009.00000002.3047456668.00000C440160C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA5
Source: chrome.exe, 00000009.00000002.3045809975.00000C44014F8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA6
Source: chrome.exe, 00000009.00000002.3047659794.00000C4401624000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATACache-Control:
Source: chrome.exe, 00000009.00000002.3030545787.00000C4400968000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3052136089.00000C4401A78000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATAJ
Source: chrome.exe, 00000009.00000002.3049193326.00000C4401788000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATAa
Source: chrome.exe, 00000009.00000002.3057597842.00000C44020BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATAd
Source: chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATAgWebSwitchboardHttp/cspreportport
Source: chrome.exe, 00000009.00000002.3059263989.00000C4402710000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3053334004.00000C4401AD4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATAor
Source: chrome.exe, 00000009.00000002.3055137076.00000C4401EB4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATAr
Source: chrome.exe, 00000009.00000002.3056079465.00000C4401F50000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml
Source: chrome.exe, 00000009.00000002.3003937174.000001A61EAF7000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3049498740.00000C44017B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3062457351.00000C4402CBC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html
Source: chrome.exe, 00000009.00000002.3033328987.00000C4400BCC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059017604.00000C44026BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3056530111.00000C4401FCC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-0-&adk
Source: chrome.exe, 00000009.00000002.3059080445.00000C44026D4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033328987.00000C4400BCC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059017604.00000C44026BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3056530111.00000C4401FCC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-1-&adk
Source: chrome.exe, 00000009.00000002.3056530111.00000C4401FCC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-2-&adk
Source: chrome.exe, 00000009.00000002.3059712235.00000C4402788000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059017604.00000C44026BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-3-&adk
Source: chrome.exe, 00000009.00000002.3062457351.00000C4402CBC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.htmlHost
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.htmltputStream
Source: chrome.exe, 00000009.00000002.3041482531.00000C4401098000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/sn2dp-if-v6exp3-v4.metric.gstatic.com/
Source: chrome.exe, 00000009.00000002.3059712235.00000C4402788000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061319968.00000C4402A9C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googlesyndication.com/
Source: chrome.exe, 00000009.00000002.3059712235.00000C4402788000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googlesyndication.com/#
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googlesyndication.com/D
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000009.00000002.3017329330.00000C4400058000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3044524055.00000C4401370000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3034487167.00000C4400C8C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3035903928.00000C4400D60000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://gstatic.com/
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://help.instagram.com/581066165581870;
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://help.opera.com/latest/
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.vimeocdn.com
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i1.wp.com
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104explicitlyCastMediumpFloatTo16Bit
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000009.00000002.3038193857.00000C4400EE8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000009.00000002.3067279276.0000136400780000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000009.00000002.3067279276.0000136400780000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3028266221.00000C44007BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard#exps-registration-success-page-urls
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardPi
Source: chrome.exe, 00000009.00000002.3067279276.0000136400780000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://legal.opera.com/eula/computers
Source: OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://legal.opera.com/privacy
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://legal.opera.com/privacy.
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://legal.opera.com/terms
Source: OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://legal.opera.com/terms.
Source: chrome.exe, 00000009.00000002.3067217347.0000136400754000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3067338151.0000136400794000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000009.00000002.3003547949.000001A61E980000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload#companion-iph-blocklisted-page-urls
Source: chrome.exe, 00000009.00000002.3067338151.0000136400794000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000009.00000002.3067338151.0000136400794000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000009.00000002.3067217347.0000136400754000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000009.00000002.3022933031.00000C4400340000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3022752757.00000C4400310000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3018416414.00000C44000E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000009.00000002.3027563051.00000C440072C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000009.00000002.3028102423.00000C4400790000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000009.00000002.3028102423.00000C4400790000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000009.00000002.3028102423.00000C4400790000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://opera.com/privacy
Source: chrome.exe, 00000009.00000002.3033180828.00000C4400BB8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032320105.00000C4400AA4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000009.00000002.3033589060.00000C4400C0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000009.00000002.3032320105.00000C4400AA4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000009.00000002.3033180828.00000C4400BB8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033589060.00000C4400C0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3021645427.00000C44002E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000009.00000002.3033180828.00000C4400BB8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3021645427.00000C44002E0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000009.00000002.3033180828.00000C4400BB8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033589060.00000C4400C0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000009.00000002.3032320105.00000C4400AA4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033589060.00000C4400C0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000009.00000002.3033180828.00000C4400BB8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032320105.00000C4400AA4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033589060.00000C4400C0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033084460.00000C4400BAD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://p4-aw7vdoaqd4hlw-pa4eu276oujsn2dp-941299-i1-v6exp3.v4.metric.gstatic.com/v6exp3/6.gif
Source: chrome.exe, 00000009.00000002.3053898066.00000C4401B24000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://p4-aw7vdoaqd4hlw-pa4eu276oujsn2dp-if-v6exp3-v4.metric.gstatic.co
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://p4-aw7vdoaqd4hlw-pa4eu276oujsn2dp-if-v6exp3-v4.metric.gstatic.com/
Source: chrome.exe, 00000009.00000002.3032378072.00000C4400ABC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3017425933.00000C4400064000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033684276.00000C4400C18000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3040419479.00000C440101C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3057791677.00000C44020F0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3049498740.00000C44017B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://p4-aw7vdoaqd4hlw-pa4eu276oujsn2dp-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033684276.00000C4400C18000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3040419479.00000C440101C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3049498740.00000C44017B0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://p4-aw7vdoaqd4hlw-pa4eu276oujsn2dp-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Source: chrome.exe, 00000009.00000002.3033684276.00000C4400C18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://p4-aw7vdoaqd4hlw-pa4eu276oujsn2dp-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.htmlD
Source: chrome.exe, 00000009.00000002.3045973971.00000C4401530000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060187405.00000C440287C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3034487167.00000C4400C8C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/bg/XA1OsVw4vyx5eNLJMTo6Nyl7J8h5Vwaw8D225KUkYG4.js
Source: chrome.exe, 00000009.00000002.3044361567.00000C44012E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/bg/ZFlt5LioZKC9-flDPe9nsMJHLC1Pbiu6fR6Ada7GFdI.js
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3030946393.00000C4400998000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039703745.00000C4400FA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039327853.00000C4400F7C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404160101/reactive_library_fy202
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039327853.00000C4400F7C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404160101/show_ads_impl_fy2021.j
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true
Source: chrome.exe, 00000009.00000002.3003182838.000001A61E8A7000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?
Source: chrome.exe, 00000009.00000002.3003182838.000001A61E8A7000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240415&jk=1
Source: chrome.exe, 00000009.00000002.3002580869.000001A61E6AD000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240415&jk=116723482
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C91000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://pcapp.store
Source: chrome.exe, 00000009.00000002.3040654036.00000C4401030000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3063429751.00000C44033C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://pcapp.store%22
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://policies.google.com/terms;
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://redir.opera.com/uninstallsurvey/
Source: OperaSetup.exe, 0000000A.00000002.2991692793.0000000056AD8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://redir.opera.com/www.opera.com/firstrun/?utm_campaign=cpdf_soft&utm_medium=pb&utm_source=acro
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.16494
Source: chrome.exe, 00000009.00000002.3048290210.00000C4401658000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
Source: chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.c
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://sWgic.cVd://wb
Source: chrome.exe, 00000009.00000002.3017425933.00000C4400064000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000009.00000002.3017425933.00000C4400064000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.gravatar.com
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sentry-relay.opera-api.com
Source: OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sentry-relay.opera-api.com/api/170/securi
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sentry-relay.opera-api.com/api/170/security/?sentry_key=8718908c4bc211ed9f0d161f2d7f9658
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000009.00000002.3028165351.00000C44007A8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactionsA
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://sourcecode.opera.com
Source: chrome.exe, 00000009.00000003.2817042856.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2800783734.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2884805520.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://telegram.org/tos/
Source: chrome.exe, 00000009.00000002.3047862661.00000C4401640000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/abg_lite_fy2021.js
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/client/load_preloaded_resource_fy202
Source: chrome.exe, 00000009.00000002.3059593340.00000C440276C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/client/one_click_handler_one_afm
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/client/one_click_handler_one_afma_fy
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3050504862.00000C4401888000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/client/qs_click_protection_fy2021.js
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/client/window_focus_fy2021.js
Source: chrome.exe, 00000009.00000002.3002284616.000001A61E67D000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/client/window_focus_fy2021.jsaDb
Source: chrome.exe, 00000009.00000002.3018631545.00000C44000F0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/client/window_focus_fy2021.jsy2021.j
Source: chrome.exe, 00000009.00000002.3059593340.00000C440276C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/elements/html/fullscreen_api_ada
Source: chrome.exe, 00000009.00000002.3048037287.00000C4401648000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/elements/html/fullscreen_api_adapter
Source: chrome.exe, 00000009.00000002.3059593340.00000C440276C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/elements/html/fullscreen_api_adater_
Source: chrome.exe, 00000009.00000002.3058724835.00000C4402228000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/elements/html/interstitial_ad_fr
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/pagead/js/r20240416/r20110914/elements/html/interstitial_ad_frame_
Source: chrome.exe, 00000009.00000002.3059780274.00000C44027B2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/simgad/1992440682003450767?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTg
Source: chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/sodar/sodar2.js
Source: chrome.exe, 00000009.00000002.3039703745.00000C4400FA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Source: chrome.exe, 00000009.00000002.3002580869.000001A61E6A7000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.htmlB
Source: chrome.exe, 00000009.00000002.3035286233.00000C4400CEC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.cometjsn2dp-if-v6exp3-v4.metric.gstatic.com
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://twitter.com/en/tos;
Source: chrome.exe, 00000009.00000002.3064180517.00000C44036DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: chrome.exe, 00000009.00000002.3043956038.00000C440129C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=13:CoJENegcyNQ0L8WXzuJiwlywpUmJ3F_XecYGWc
Source: chrome.exe, 00000009.00000002.3038482090.00000C4400F08000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://viewpdf.net
Source: chrome.exe, 00000009.00000002.3040654036.00000C4401030000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://viewpdf.net%22
Source: chrome.exe, 00000009.00000002.3060619820.00000C4402900000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://viewpdf.net/ext/r1%3Fcid%3D8HsPnD47Xmadr3Lp1d%26kwd%3D%26gclid%3DEAIaIQobChMI_5eEhY7KhQMVM7r
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vimeo.com;
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ww.cute
Source: chrome.exe, 00000009.00000002.3039194874.00000C4400F64000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cuteor.com/suppo
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C83000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://www.cutepdf-editor.com
Source: Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3055644681.00000C4401F0C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3031567121.00000C4400A17000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050250427.00000C4401850000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3003182838.000001A61E8A7000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039194874.00000C4400F64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3047094418.00000C44015E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060252437.00000C44028BC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058165434.00000C4402194000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3002284616.000001A61E677000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3002580869.000001A61E6AD000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3002284616.000001A61E67D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3032116643.00000C4400A82000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033832405.00000C4400C3C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3062836278.00000C4402D54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3062897625.00000C4402D6C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059712235.00000C4402788000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059198278.00000C44026EC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/
Source: Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/-
Source: Setup.exe, 00000003.00000003.2051296710.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.0000000000565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/021
Source: chrome.exe, 00000009.00000002.3046267424.00000C4401558000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/?
Source: chrome.exe, 00000009.00000002.3062836278.00000C4402D54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/B
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3042080164.00000C44010EE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/Images/PDF_Editor.GIF
Source: chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039327853.00000C4400F7C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/Images/space.gif
Source: chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/J
Source: Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/K
Source: Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/b
Source: chrome.exe, 00000009.00000002.3062836278.00000C4402D54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/c
Source: chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033832405.00000C4400C3C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059198278.00000C44026EC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/g
Source: chrome.exe, 00000009.00000002.3047094418.00000C44015E4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/h
Source: chrome.exe, 00000009.00000002.3032774091.00000C4400B6C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/DocProp.png
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/DocProp.pnggeHandler
Source: chrome.exe, 00000009.00000002.3032774091.00000C4400B6C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/DocProp.pngl/
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/DocProp.pngrD
Source: chrome.exe, 00000009.00000002.3003937174.000001A61EAFD000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3036206158.00000C4400DAC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/NEW.GIF
Source: chrome.exe, 00000009.00000002.3031853615.00000C4400A40000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/NEW.GIFpH
Source: chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/Print.gif
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/PrintDialogBox.gif
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/PrintDialogBox.giferD
Source: chrome.exe, 00000009.00000002.3043419289.00000C4401128000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/Save.png
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/Security.png
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/Security.png/
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/Security.pngD
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/background.jpg
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/companybg.jpg
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/companybg.jpgD
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/companybm.gif
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/companybm.gifD
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/companybm.gifHandler
Source: chrome.exe, 00000009.00000002.3003937174.000001A61EAFD000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3059530326.00000C4402754000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/favicon.ico
Source: chrome.exe, 00000009.00000002.3057536759.00000C440209C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/favicon.ico5
Source: chrome.exe, 00000009.00000002.3061653198.00000C4402B18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/favicon.icol
Source: chrome.exe, 00000009.00000002.3055137076.00000C4401EB4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/favicon.icol/
Source: chrome.exe, 00000009.00000002.3062085612.00000C4402BA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/favicon.icol/nne
Source: chrome.exe, 00000009.00000002.3045552507.00000C44014B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/favicon.icol/or
Source: chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/footbg.gif
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/footbg.gifageHandler
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/footbg.gifl/
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/footbg.gifor
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/headerbg.gif
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/headerbg.gif/
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/htabs1.gif
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/htabs1.gifl/
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/htabs1.gifo
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/htabs3.gif
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/images/htabs3.gifl/
Source: chrome.exe, 00000009.00000002.3039194874.00000C4400F64000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/s
Source: CuteWriter.tmp, 00000001.00000003.2102761138.0000000002194000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/suppoD
Source: chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp
Source: chrome.exe, 00000009.00000002.3003937174.000001A61EAFD000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3048037287.00000C4401648000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3044524055.00000C4401370000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3036206158.00000C4400DAC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045018350.00000C4401434000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3035137637.00000C4400CC8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032619185.00000C4400B48000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039703745.00000C4400FA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignette
Source: chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignette2c0
Source: chrome.exe, 00000009.00000002.3036206158.00000C4400DAC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignette477
Source: chrome.exe, 00000009.00000002.3036206158.00000C4400DAC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignette948
Source: chrome.exe, 00000009.00000002.3051176145.00000C4401A48000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetteCutePDF
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetteaofpalml
Source: chrome.exe, 00000009.00000002.3030545787.00000C4400968000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetteatic.com/v6exp3/iframe.htmlS-3-&adk
Source: chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignettebId
Source: chrome.exe, 00000009.00000002.3046661762.00000C440158C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetted
Source: chrome.exe, 00000009.00000002.3036206158.00000C4400DAC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetteec5
Source: chrome.exe, 00000009.00000002.3045018350.00000C4401434000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetteer
Source: chrome.exe, 00000009.00000002.3049873467.00000C440180C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3035137637.00000C4400CC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetteet/pagead/drt/s?v=r20120211
Source: chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignetteet/pagead/drt/si?st=NO_DATA
Source: chrome.exe, 00000009.00000002.3035137637.00000C4400CC8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignettegoogle_vignette)rt/si?st=NO_DATA
Source: chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp#google_vignettet77
Source: chrome.exe, 00000009.00000002.3060187405.00000C440287C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp)gead/drt/si?st=NO_DATA
Source: chrome.exe, 00000009.00000002.3062585051.00000C4402CDC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp)gead/drt/si?st=NO_DATAx
Source: CuteWriter.tmp, 00000001.00000002.2104210278.0000000000678000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asp1
Source: chrome.exe, 00000009.00000002.3068161144.0000419C00234000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspA
Source: chrome.exe, 00000009.00000002.2991873723.000001A61AB00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspC:
Source: chrome.exe, 00000009.00000002.3051176145.00000C4401A48000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspCutePDF
Source: CuteWriter.tmp, 00000001.00000002.2105393779.00000000032D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspF)
Source: CuteWriter.tmp, 00000001.00000003.2081195434.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102061010.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102210137.0000000000733000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2104747350.0000000000735000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspJ
Source: CuteWriter.tmp, 00000001.00000002.2105393779.00000000032D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspK
Source: chrome.exe, 00000009.00000002.3069581588.0000592000220000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3069786212.0000592000238000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspY
Source: CuteWriter.tmp, 00000001.00000002.2105393779.00000000032D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspa
Source: CuteWriter.tmp, 00000001.00000003.2081195434.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102061010.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102210137.0000000000733000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2104747350.0000000000735000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspde
Source: chrome.exe, 00000009.00000002.3031567121.00000C4400A17000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asped
Source: chrome.exe, 00000009.00000002.3068501331.0000419C0026C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3065692520.0000136400298000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspexeC:
Source: CuteWriter.tmp, 00000001.00000003.2081195434.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102061010.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102210137.0000000000733000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2104747350.0000000000735000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asph
Source: CuteWriter.tmp, 00000001.00000002.2105393779.00000000032D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asphttps://www.cutepdf-editor.com/supports
Source: CuteWriter.tmp, 00000001.00000003.2081195434.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102061010.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102210137.0000000000733000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2104747350.0000000000735000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspk
Source: chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3038193857.00000C4400EE8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspl/
Source: chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspl/t/writer.asp$
Source: CuteWriter.tmp, 00000001.00000003.2081195434.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102061010.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102210137.0000000000733000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2104747350.0000000000735000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspmpte
Source: CuteWriter.tmp, 00000001.00000002.2105393779.00000000032D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspogY
Source: chrome.exe, 00000009.00000002.3026392002.00000C4400628000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspor
Source: chrome.exe, 00000009.00000002.3031567121.00000C4400A17000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asprmissions
Source: CuteWriter.tmp, 00000001.00000003.2081195434.000000000072E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.aspsedllv
Source: CuteWriter.tmp, 00000001.00000003.2081195434.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000003.2102061010.000000000072E000.00000004.00000020.00020000.00000000.sdmp, CuteWriter.tmp, 00000001.00000002.2104708443.000000000072E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writer.asptCookieseJ
Source: Setup.exe, 00000003.00000002.2051877549.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000051E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000052A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.asp
Source: Setup.exe, 00000003.00000003.2051296710.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.0000000000565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspH4OON
Source: Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspShortcut
Source: Setup.exe, 00000003.00000002.2051877549.000000000051E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/support/writerhelp.aspr
Source: Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/t1
Source: chrome.exe, 00000009.00000002.3031567121.00000C4400A17000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com/upport/writer.aspl/
Source: chrome.exe, 00000009.00000002.3032264205.00000C4400A88000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com:443
Source: Setup.exe, 00000003.00000003.2051296710.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.0000000000565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.com=
Source: Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.cutepdf-editor.comShortcut
Source: chrome.exe, 00000009.00000002.3028102423.00000C4400790000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.comcometjsn2dp-if-v6exp3-v4.metric.gs
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C80000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://www.cutepdf-editor.comhttps://www.googleadservices.com
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C80000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://www.cutepdf-editor.comhttps://www.googleadservices.com/t
Source: chrome.exe, 00000009.00000002.3035286233.00000C4400CEC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.comk.net
Source: chrome.exe, 00000009.00000002.3035286233.00000C4400CEC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editor.comk.netjsn2dp-if-v6exp3-v4.metric.gstatic.com
Source: chrome.exe, 00000009.00000002.3032378072.00000C4400ABC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf-editriter.asA
Source: CuteWriter.tmp, 00000001.00000003.2080092115.0000000002154000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cutepdf.com/Info/privacy.asp
Source: chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000009.00000002.3032878193.00000C4400B84000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googlPnics.Okrt-ui
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;
Source: chrome.exe, 00000009.00000003.2817042856.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2800783734.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2884805520.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000009.00000003.2817042856.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2800783734.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2884805520.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3027926913.00000C4400764000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000009.00000002.3030293310.00000C4400928000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3028266221.00000C44007BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000009.00000002.3030293310.00000C4400928000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3028266221.00000C44007BC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUV
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000009.00000002.3064180517.00000C44036DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcn
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmpp
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnk
Source: chrome.exe, 00000009.00000002.3019622614.00000C440018C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567854667.
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/awbwhkldc27ygywhstypg77e7m_8679/hfnkpimlhhgieadd
Source: chrome.exe, 00000009.00000002.3025052042.00000C4400520000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocnca
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/dvwmczhfksazn5mwlykzsdqv6u_2024.3.27.0/gonpemdgk
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/e7xo23p2hym36lpmqsgqlzfmwe_3026/jflookgnkcckhoba
Source: chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/fpkk4dndblzegbba53f5uoxbqm_927/efniojlnjndmcbiie
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindg
Source: chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh
Source: chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/nujou4crtv5zkn6bgthixtooam_2024.3.25.1/kiabhabjd
Source: chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/p2zbkxfgkqyr6ljey2oe3bnzoy_2023.11.29.1201/ggkke
Source: chrome.exe, 00000009.00000002.3027563051.00000C440072C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3024710348.00000C44004E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3025355044.00000C4400570000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032619185.00000C4400B48000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058899250.00000C440256C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060493740.00000C44028E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045124889.00000C4401464000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3049398456.00000C44017A8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058485011.00000C44021EC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/pagead/drt/ui
Source: chrome.exe, 00000009.00000002.3002580869.000001A61E6A7000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3048397770.00000C440166C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3047862661.00000C4401640000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3040068365.00000C4400FE0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/api2/aframe
Source: chrome.exe, 00000009.00000002.3041482531.00000C4401098000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/api2/aframetml/r20240415/r20110914/zrt_lookup_fy2021.html#RS-3-&adk
Source: chrome.exe, 00000009.00000002.3022752757.00000C4400310000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000009.00000002.3006803549.000001A620C83000.00000002.00000001.00040000.00000026.sdmp	String found in binary or memory: https://www.googleadservices.com
Source: chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googleadservices.com/
Source: chrome.exe, 00000009.00000002.3040654036.00000C4401030000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3001764526.000001A61E407000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3063429751.00000C44033C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleadservices.com/pagead/ar-adview/?nrh=
Source: chrome.exe, 00000009.00000002.3032719983.00000C4400B5C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: chrome.exe, 00000009.00000002.3016981278.00000C440000C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000009.00000002.3020453652.00000C440020C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googlehanager.cjM://www.gmlom
Source: chrome.exe, 00000009.00000003.2817042856.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2800783734.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2884805520.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000009.00000002.3017425933.00000C4400064000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033684276.00000C4400C18000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-XVM5E9PE4F
Source: OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gravatar.cm)
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gravatar.com
Source: chrome.exe, 00000009.00000003.2817042856.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2800783734.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2884805520.00000C4400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3020805009.00000C4400290000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3039703745.00000C4400FA8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000009.00000002.3003937174.000001A61EAFD000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Source: chrome.exe, 00000009.00000002.3058724835.00000C4402228000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/mysidia/1235ea95b1643dfc06b47a36d3f258ca.js?tag=mysidia_one_click_handle
Source: chrome.exe, 00000009.00000002.3058724835.00000C4402228000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/mysidia/1235ea95b1643dfc06b47a36d3f258ca.js?tag=mysidia_one_click_handle_one
Source: chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/mysidia/1235ea95b1643dfc06b47a36d3f258ca.js?tag=mysidia_one_click_handler_on
Source: chrome.exe, 00000009.00000002.3043639176.00000C4401160000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/mysidia/3877408e605ff49d481aecbe47802253.js?tag=client_fast_engine_2019
Source: chrome.exe, 00000009.00000002.3058724835.00000C4402228000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/mysidia/ad1dda460b76b599261f3bf327c10d91.js?tag=text/vanilla_highlight_m
Source: chrome.exe, 00000009.00000002.3048037287.00000C4401648000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/mysidia/ad1dda460b76b599261f3bf327c10d91.js?tag=text/vanilla_highlight_ms_ct
Source: chrome.exe, 00000009.00000002.3037222651.00000C4400E3C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.jsdelivr.com/using-sri-with-dynamic-files
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.opera.com
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.opera.com..
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.opera.com/
Source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.opera.com/download/
Source: CuteWriter.tmp, 00000001.00000003.2080092115.0000000002154000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/eula/computers
Source: OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.opera.com/privacy
Source: CuteWriter.tmp, 00000001.00000003.2102761138.0000000002194000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.comP
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.whatsapp.com/legal;
Source: OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000009.00000002.3023950841.00000C4400431000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3021530576.00000C44002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026952870.00000C44006BD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global event hook (focus changed)

Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe

Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL

System Summary

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0042F594 NtdllDefWindowProc_A,	1_2_0042F594
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00423B94 NtdllDefWindowProc_A,	1_2_00423B94
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004125E8 NtdllDefWindowProc_A,	1_2_004125E8
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00479380 NtdllDefWindowProc_A,	1_2_00479380
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0045763C PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	1_2_0045763C

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_0042E944: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

1_2_0042E944

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,		0_2_00409448
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0045568C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,		1_2_0045568C

Creates files inside the system directory

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\CUTEPDFW.PPD	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT5.DLL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PS5UI.DLL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.HLP	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.NTF	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	File created: C:\Windows\system32\cpwmon64_v40.dll	Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_0040840C	0_2_0040840C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00470C74	1_2_00470C74
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0048ED0C	1_2_0048ED0C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004813C4	1_2_004813C4
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00467848	1_2_00467848
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004303D0	1_2_004303D0
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0044453C	1_2_0044453C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004885E0	1_2_004885E0
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00434638	1_2_00434638
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00444AE4	1_2_00444AE4
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00430F5C	1_2_00430F5C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0045F16C	1_2_0045F16C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004451DC	1_2_004451DC
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0045B21C	1_2_0045B21C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0043533C	1_2_0043533C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004455E8	1_2_004455E8
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00487680	1_2_00487680
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0046989C	1_2_0046989C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00451A30	1_2_00451A30
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0043DDC4	1_2_0043DDC4
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Code function: 3_2_00403160	3_2_00403160
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_00405418	6_2_00405418
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_00404DF9	6_2_00404DF9
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Code function: 7_2_004017E0	7_2_004017E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF71E80	10_2_6BF71E80
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BE9D3E0	10_2_6BE9D3E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFF6BB0	10_2_6BFF6BB0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFE1B80	10_2_6BFE1B80
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C0604F0	10_2_6C0604F0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFFB2F0	10_2_6BFFB2F0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFDF2E0	10_2_6BFDF2E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF3BAA0	10_2_6BF3BAA0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFDEA70	10_2_6BFDEA70
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF74260	10_2_6BF74260
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BEA2A70	10_2_6BEA2A70
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFE3260	10_2_6BFE3260
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C032DBD	10_2_6C032DBD
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF70A30	10_2_6BF70A30
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF36200	10_2_6BF36200
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFD31E0	10_2_6BFD31E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF31170	10_2_6BF31170
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF35970	10_2_6BF35970
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C05969A	10_2_6C05969A
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF40930	10_2_6BF40930
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFFC920	10_2_6BFFC920
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFF8910	10_2_6BFF8910
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF2D0A0	10_2_6BF2D0A0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF63FE0	10_2_6BF63FE0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BDCBFC0	10_2_6BDCBFC0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C002030	10_2_6C002030
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFDB700	10_2_6BFDB700
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C03212C	10_2_6C03212C
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BEA4670	10_2_6BEA4670
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF60640	10_2_6BF60640
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C02E1D0	10_2_6C02E1D0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFFBDE0	10_2_6BFFBDE0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF4DDD0	10_2_6BF4DDD0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFDC5C0	10_2_6BFDC5C0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF31540	10_2_6BF31540
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C0572D9	10_2_6C0572D9
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C0362E0	10_2_6C0362E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BFE0CC0	10_2_6BFE0CC0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C0BC390	10_2_6C0BC390
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6BF39450	10_2_6BF39450
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B95A350	13_2_6B95A350
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B991B80	13_2_6B991B80
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9A6BB0	13_2_6B9A6BB0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6BA6C390	13_2_6BA6C390
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B84D3E0	13_2_6B84D3E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8EBAA0	13_2_6B8EBAA0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9AB2F0	13_2_6B9AB2F0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B98F2E0	13_2_6B98F2E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6BA072D9	13_2_6BA072D9
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9E62E0	13_2_6B9E62E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8E6200	13_2_6B8E6200
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B920A30	13_2_6B920A30
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B98EA70	13_2_6B98EA70
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B924260	13_2_6B924260
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B852A70	13_2_6B852A70
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B993260	13_2_6B993260
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9DE1D0	13_2_6B9DE1D0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9831E0	13_2_6B9831E0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9A8910	13_2_6B9A8910
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9E212C	13_2_6B9E212C
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9AC920	13_2_6B9AC920
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8F0930	13_2_6B8F0930
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8E1170	13_2_6B8E1170
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8E5970	13_2_6B8E5970
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8DD0A0	13_2_6B8DD0A0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9B2030	13_2_6B9B2030
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B913FE0	13_2_6B913FE0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B98B700	13_2_6B98B700
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B77BFC0	13_2_6B77BFC0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B921E80	13_2_6B921E80
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6BA0969A	13_2_6BA0969A
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B910640	13_2_6B910640
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B854670	13_2_6B854670
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9E2DBD	13_2_6B9E2DBD
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B98C5C0	13_2_6B98C5C0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8FDDD0	13_2_6B8FDDD0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9ABDE0	13_2_6B9ABDE0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8E1540	13_2_6B8E1540
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6BA104F0	13_2_6BA104F0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B990CC0	13_2_6B990CC0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B8E9450	13_2_6B8E9450

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00408C1C appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00406AD4 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 0040596C appears 117 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00407904 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00403400 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00445E48 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00457FC4 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00457DB8 appears 102 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00434550 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00403494 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 004533B8 appears 98 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00446118 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: String function: 00403684 appears 229 times
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Code function: String function: 00406DC2 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: String function: 6BA129B0 appears 217 times
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: String function: 6C0629B0 appears 216 times

PE file contains executable resources (Code or Archives)

Source: CuteWriter.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: CuteWriter.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: CuteWriter.tmp.0.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-FDP4K.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-FDP4K.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-3BEAI.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-3BEAI.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-0HCHF.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-0HCHF.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-327TJ.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: is-327TJ.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PSCRIPT5.DLL.3.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PSCRIPT5.DLL.3.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PS5UI.DLL.3.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PS5UI.DLL.3.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: installer.exe.15.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows

PE file contains more sections than normal

Source: launcher.exe.15.dr

Static PE information: Number of sections : 12 > 10

Sample file is different than original file name gathered from version info

Source: CuteWriter.exe, 00000000.00000003.1652232868.0000000002164000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs CuteWriter.exe
Source: CuteWriter.exe, 00000000.00000003.1651757759.00000000023F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs CuteWriter.exe

Uses 32bit PE files

Source: CuteWriter.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: sus24.evad.winEXE@65/773@0/41

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe

Code function: 3_2_00401B70 lstrcatA,GetLastError,LoadStringA,wsprintfA,FormatMessageA,lstrcatA,lstrcatA,lstrcatA,LocalHandle,LocalFree,#537,#924,#924,MessageBoxA,#800,#800,#800,

3_2_00401B70

Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,		0_2_00409448
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0045568C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,		1_2_0045568C

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_00455EB4 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,

1_2_00455EB4

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe

Code function: 3_2_00406B30 CoInitialize,CoCreateInstance,MultiByteToWideChar,CoUninitialize,

3_2_00406B30

Source: C:\Users\user\Desktop\CuteWriter.exe

Code function: 0_2_00409C34 FindResourceA,SizeofResource,LoadResource,LockResource,

0_2_00409C34

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

File created: C:\Program Files (x86)\CutePDF Writer

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe

Mutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera

Source: C:\Users\user\Desktop\CuteWriter.exe

File created: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\CuteWriter.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: chrome.exe, 00000009.00000002.3026952870.00000C44006C3000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));

Source: CuteWriter.exe	String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: OperaSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaSetup.exe	String found in binary or memory: run-at-startup
Source: OperaSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaSetup.exe	String found in binary or memory: ran-launcher
Source: OperaSetup.exe	String found in binary or memory: https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4f
Source: OperaSetup.exe	String found in binary or memory: opera-startpage-special
Source: OperaSetup.exe	String found in binary or memory: run-at-startup
Source: OperaSetup.exe	String found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: OperaSetup.exe	String found in binary or memory: run-at-startup-default
Source: OperaSetup.exe	String found in binary or memory: video-on-start-page
Source: OperaSetup.exe	String found in binary or memory: yat-emoji-addresses
Source: OperaSetup.exe	String found in binary or memory: installer-bypass-launcher
Source: OperaSetup.exe	String found in binary or memory: Local\%ls/Installer/UI_lock
Source: OperaSetup.exe	String found in binary or memory: Global\Opera/Installer/
Source: OperaSetup.exe	String found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: OperaSetup.exe	String found in binary or memory: OperaInstaller/InstallationInterrupted
Source: OperaSetup.exe	String found in binary or memory: enable-installer-stats
Source: OperaSetup.exe	String found in binary or memory: launchopera-on-os-start
Source: OperaSetup.exe	String found in binary or memory: master-copy-installation
Source: OperaSetup.exe	String found in binary or memory: show-eula-window-on-start
Source: OperaSetup.exe	String found in binary or memory: test-pre-installed-extensions-dir
Source: OperaSetup.exe	String found in binary or memory: post-elevated-install-tasks
Source: OperaSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaSetup.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: OperaSetup.exe	String found in binary or memory: all-installer-experiments
Source: OperaSetup.exe	String found in binary or memory: ran-launcher
Source: OperaSetup.exe	String found in binary or memory: https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4f

Source: C:\Users\user\Desktop\CuteWriter.exe

File read: C:\Users\user\Desktop\CuteWriter.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\CuteWriter.exe "C:\Users\user\Desktop\CuteWriter.exe"
Source: C:\Users\user\Desktop\CuteWriter.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp "C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp" /SL5="$20446,5944588,56832,C:\Users\user\Desktop\CuteWriter.exe"
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe" /inscpw4 -d"C:\Program Files (x86)\CutePDF Writer"
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\converter.exe C:\Users\user\AppData\Local\Temp\\converter.exe /auto
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe unInstcpw64.exe /copy
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --silent --allusers=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1640,i,13590044467732800076,8352524087445346693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6c1821c8,0x6c1821d4,0x6c1821e0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2520 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240417224118" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6805000000000000
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x300,0x304,0x308,0x2c8,0x30c,0x6b5d21c8,0x6b5d21d4,0x6b5d21e0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe"
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x9a6038,0x9a6044,0x9a6050
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe "C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe" --backend --initial-pid=2520 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --install-subfolder=109.0.5097.45
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x278,0x27c,0x280,0x274,0x250,0x7ffdf9937c80,0x7ffdf9937c8c,0x7ffdf9937c98
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --installfolder="C:\Users\user\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x9a6038,0x9a6044,0x9a6050
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\user\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x210,0x208,0x234,0x20c,0x238,0x1126038,0x1126044,0x1126050
Source: C:\Users\user\Desktop\CuteWriter.exe	Process created: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp "C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp" /SL5="$20446,5944588,56832,C:\Users\user\Desktop\CuteWriter.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe" /inscpw4 -d"C:\Program Files (x86)\CutePDF Writer"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --silent --allusers=0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\converter.exe C:\Users\user\AppData\Local\Temp\\converter.exe /auto	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe unInstcpw64.exe /copy	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1640,i,13590044467732800076,8352524087445346693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6c1821c8,0x6c1821d4,0x6c1821e0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2520 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240417224118" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6805000000000000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x300,0x304,0x308,0x2c8,0x30c,0x6b5d21c8,0x6b5d21d4,0x6b5d21e0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe "C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe" --backend --initial-pid=2520 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --install-subfolder=109.0.5097.45
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x9a6038,0x9a6044,0x9a6050
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x278,0x27c,0x280,0x274,0x250,0x7ffdf9937c80,0x7ffdf9937c8c,0x7ffdf9937c98
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --installfolder="C:\Users\user\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\user\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x9a6038,0x9a6044,0x9a6050
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x210,0x208,0x234,0x20c,0x238,0x1126038,0x1126044,0x1126050
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\CuteWriter.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\CuteWriter.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Section loaded: kernel.appcore.dll

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe

File written: C:\Program Files (x86)\CutePDF Writer\setup.ini

Jump to behavior

Reads the Windows registered owner settings

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Executable creates window controls seldom found in malware

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Window found: window name: TMainForm

Jump to behavior

Found GUI installer (many successful clicks)

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Automated click: I accept the agreement

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Found installer window with terms and condition text

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse Engineering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse Engineering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.CutePDF Writer Copyright by Acro Software Inc. All rights reserved.This license applies to the CutePDF Writer ("The Software"). CutePDF Writer is free software. By using copying transmitting distributing or installing CutePDF Writer you agree to all of the terms of this agreement ("License").Please read the license terms below. If you do not agree to any of the terms of this License then do not use copy transmit distribute or install The Software.Scope of LicenseThis is free software. Subject to the terms below you are hereby licensed by Acro Software Inc. ("ASI") to use The Software on computer or workstation without charge. Free CutePDF Writer is available for volume distribution beyond a single-user installation. Without making any payment to ASI: a) You may give exact copies of The Software personally to anyone. b) Corporations and organizations may distribute exact copies of The Software on a company intranet site or local network. c) Commercial vendors may bundle exact copies of The Software on physical media such as a CD or DVD or on OEM hardware such as computers. d) You may make as many exact copies of The Software as you wish for purposes of distribution as described in (a) (b) and (c) above.You are specifically prohibited from charging advertising or requesting donations for any copies however made and from distributing such copies with other products of any kind commercial or otherwise without prior written permission from ASI. ASI reserves the right to revoke the above distribution rights at any time for any or no reason.Except as otherwise pre-approved by ASI in writing you shall not distribute The Software from a Website other than an ASI Site.No Modification No Reverse Engineering. You shall not modify adapt translate or create derivative works based upon The Software in any way including without limitation removal of the installer program electronic end user license agreement or any copyright or other proprietary notice that appears in The Software. This software and all accompanying files data and materials are distributed "AS IS". ASI does not warrant that the operation of the Software will meet your requirements or operate free from error. ASI DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. This disclaimer of warranty constitutes an essential part of the agreement. In no event shall ASI or its principals shareholders officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of The Software or your relationship with ASI.This License shall be go

Creates a software uninstall entry

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CutePDF Writer Installation

Jump to behavior

PE / OLE file has a valid certificate

Source: CuteWriter.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: CuteWriter.exe

Static file information: File size 6233072 > 1048576

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: CuteWriter.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: ps5ui.pdbH source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: _lib.dll.pdb@+ source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000000.2079178927.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000000.2087433669.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000000.2093874178.0000000000917000.00000080.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000000.2099132850.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp
Source:	Binary string: pscript5.pdb source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.00000000006B1000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.0000000000171000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: _lib.dll.pdb source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000000.2079178927.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000000.2087433669.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000000.2093874178.0000000000917000.00000080.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000000.2099132850.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb@+ source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: ps5ui.pdb source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: .pdb.dbg source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: pscript5.pdbH source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: .pdb@ source: CuteWriter.tmp, 00000001.00000003.2080261890.000000000597D000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2981313588.0000000003570000.00000002.00000001.00040000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000000.2079178927.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000000.2087433669.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000000.2093874178.0000000000917000.00000080.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000000.2099132850.00000000003D7000.00000080.00000001.01000000.0000000D.sdmp
Source:	Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb@ source: OperaSetup.exe, 0000000A.00000002.2957530474.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000001.2089349383.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.00000000006B1000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.0000000000171000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.0000000000171000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: dbghelp.pdb source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: \Unknown exceptionbad array new length.pdbSymbols loaded successfully. source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: assistant_installer.exe, 00000015.00000002.2363369486.000000006CA71000.00000020.00000001.01000000.00000018.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: dxil.dll.15.dr

Static PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_00450334 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_00450334

PE file contains an invalid checksum

Source: OperaSetup.exe.1.dr	Static PE information: real checksum: 0x2defd0 should be: 0x2d6a9b
Source: OperaSetup.exe.10.dr	Static PE information: real checksum: 0x2defd0 should be: 0x2d6a9b
Source: CuteWriter.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0xb9526
Source: gswin32c.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x2d2a8

PE file contains sections with non-standard names

Source: converter.exe.3.dr	Static PE information: section name: _winzip_
Source: gplgs[1].exe.3.dr	Static PE information: section name: _winzip_
Source: Opera_installer_2404172041166342520.dll.10.dr	Static PE information: section name: .rodata
Source: Opera_installer_2404172041166342520.dll.10.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2404172041166342520.dll.10.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2404172041175667228.dll.13.dr	Static PE information: section name: .rodata
Source: Opera_installer_2404172041175667228.dll.13.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2404172041175667228.dll.13.dr	Static PE information: section name: malloc_h
Source: Opera_installer_2404172041180917624.dll.14.dr	Static PE information: section name: .rodata
Source: Opera_installer_2404172041180917624.dll.14.dr	Static PE information: section name: CPADinfo
Source: Opera_installer_2404172041180917624.dll.14.dr	Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.15.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.15.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.15.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.15.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.15.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.15.dr	Static PE information: section name: _RDATA
Source: win10_share_handler.dll.15.dr	Static PE information: section name: .gxfg
Source: win10_share_handler.dll.15.dr	Static PE information: section name: .retplne
Source: win10_share_handler.dll.15.dr	Static PE information: section name: _RDATA
Source: win8_importing.dll.15.dr	Static PE information: section name: .gxfg
Source: win8_importing.dll.15.dr	Static PE information: section name: .retplne
Source: win8_importing.dll.15.dr	Static PE information: section name: _RDATA
Source: dxcompiler.dll.15.dr	Static PE information: section name: .gxfg
Source: dxcompiler.dll.15.dr	Static PE information: section name: .retplne
Source: dxcompiler.dll.15.dr	Static PE information: section name: _RDATA
Source: dxil.dll.15.dr	Static PE information: section name: _RDATA
Source: installer.exe.15.dr	Static PE information: section name: .gxfg
Source: installer.exe.15.dr	Static PE information: section name: .retplne
Source: installer.exe.15.dr	Static PE information: section name: _RDATA
Source: installer_helper_64.exe.15.dr	Static PE information: section name: .gxfg
Source: installer_helper_64.exe.15.dr	Static PE information: section name: .retplne
Source: installer_helper_64.exe.15.dr	Static PE information: section name: _RDATA
Source: launcher.exe.15.dr	Static PE information: section name: .gxfg
Source: launcher.exe.15.dr	Static PE information: section name: .retplne
Source: launcher.exe.15.dr	Static PE information: section name: LZMADEC
Source: launcher.exe.15.dr	Static PE information: section name: _RDATA
Source: launcher.exe.15.dr	Static PE information: section name: malloc_h

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_004065C8 push 00406605h; ret	0_2_004065FD
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_004040B5 push eax; ret	0_2_004040F1
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_00408104 push ecx; mov dword ptr [esp], eax	0_2_00408109
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_00404185 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_00404206 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_0040C218 push eax; ret	0_2_0040C219
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_004042E8 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_00404283 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: 0_2_00408F38 push 00408F6Bh; ret	0_2_00408F63
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004849F4 push 00484B02h; ret	1_2_00484AFA
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0040995C push 00409999h; ret	1_2_00409991
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00458060 push 00458098h; ret	1_2_00458090
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004860E4 push ecx; mov dword ptr [esp], ecx	1_2_004860E9
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004062C4 push ecx; mov dword ptr [esp], eax	1_2_004062C5
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004783C8 push ecx; mov dword ptr [esp], edx	1_2_004783C9
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004104F0 push ecx; mov dword ptr [esp], edx	1_2_004104F5
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00412938 push 0041299Bh; ret	1_2_00412993
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0049AD44 pushad ; retf	1_2_0049AD53
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0040CE48 push ecx; mov dword ptr [esp], edx	1_2_0040CE4A
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00459378 push 004593BCh; ret	1_2_004593B4
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0040F3A8 push ecx; mov dword ptr [esp], edx	1_2_0040F3AA
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0040546D push eax; ret	1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004434B4 push ecx; mov dword ptr [esp], ecx	1_2_004434B8
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0040553D push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004055BE push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0040563B push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004056A0 push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0045186C push 0045189Fh; ret	1_2_00451897
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00451A30 push ecx; mov dword ptr [esp], eax	1_2_00451A35
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00495BE4 push ecx; mov dword ptr [esp], ecx	1_2_00495BE9
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00419C38 push ecx; mov dword ptr [esp], ecx	1_2_00419C3D

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Program Files (x86)\CutePDF Writer\CPWriter2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-UFSC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\dxcompiler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Program Files (x86)\CutePDF Writer\unInstcpw64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\assistant\dbghelp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-3BEAI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-ICRHC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\dbgcore.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\ICONLIB.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\PSCRIPT5.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-39C8H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	File created: C:\Windows\System32\cpwmon64_v40.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gplgs[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-2AGL8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\cpwmon64_v40.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe	File created: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gswin32c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-QV01T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\win10_share_handler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-ER5M7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\pdfwriter64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-PO6AU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\cpwmon32_v40.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172042207667120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PSCRIPT5.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\is-327TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041189647756.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_109.0.5097.45_Autoupdate_x64[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\additional_file0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172042210696156.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer_helper_64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-KT3FM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-FDP4K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PSCRIPT.DRV (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-INHJ3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe	File created: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gsdll32.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041185797716.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\CPWriter2.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_browser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\pdfwriter32.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_gx_splash.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041175667228.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Program Files (x86)\CutePDF Writer\CPWSave.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\PS5UI.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Program Files (x86)\CutePDF Writer\CutePDFWriter.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe.1713386541.old (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-LDLTG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Assistant_109.0.5097.45_Setup[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041166342520.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_crashreporter.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PS5UI.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-LD694.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\assistant\dbgcore.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\dbghelp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\CuteWriter.exe	File created: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PSMON.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\dxil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe.1713386541.old (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\opera_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\assistant_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\CutePDFWriter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-IGGEH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041180917624.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\converter.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\win8_importing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	File created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\is-0HCHF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	File created: C:\Windows\System32\cpwmon64_v40.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\opera_package			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\assistant_package			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Code function: 3_2_00403160 #1134,__p___argc,_mbsicmp,__p___argv,#537,_mbscmp,#2764,#2764,#4129,_mbsicmp,#4129,_mbsicmp,#800,#4129,_mbsicmp,#800,#800,#4129,_mbsicmp,#4129,_mbsicmp,#800,#4129,_mbsicmp,#800,#800,#4129,_mbsicmp,#4129,_mbsicmp,#800,#800,#4129,_mbsicmp,#800,#4277,#858,#4277,#858,#800,#4277,#858,#800,#4129,#858,#800,#4129,#858,#800,#800,#800,__p___argc,#2621,#540,#823,#1168,GetModuleFileNameA,_splitpath,#860,#941,#858,#941,#858,#941,#825,#540,#354,#5186,#5442,#823,#5442,#5442,#823,#5442,#1979,#825,#403,#6389,#825,#5445,#5445,#2919,#5445,#5445,#2919,#5445,#5445,#2919,#5445,#5445,#5445,#5445,#2919,#5445,#5445,#5445,#2919,#5445,#5445,#5445,#5445,#5445,#5445,#924,PathFileExistsA,PathFileExistsA,#800,#924,#858,#800,PathFileExistsA,#924,#858,#800,PathFileExistsA,#924,#858,#800,PathFileExistsA,#924,#858,#800,PathFileExistsA,#860,#703,GetPrivateProfileStringA,atoi,GetUserDefaultLCID,#860,#1168,lstrcpyA,GetVersionExA,RegOpenKeyExA,RegCloseKey,LoadStringA,wsprintfA,#537,#924,#924,MessageBoxA,#800,#800,#800,#665,#800,#800,EnumMonitorsA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcmpA,lstrcpyA,lstrcpyA,lstrcpyA,DeletePrinterDriverA,DeletePortA,DeleteMonitorA,GetSystemDirectoryA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,DeleteFileA,CreateProcessA,GetExitCodeProcess,WaitForSingleObject,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,lstrcatA,lstrcatA,lstrcpyA,lstrcpyA,lstrcpyA,DeletePrinterDriverA,DeletePortA,DeleteMonitorA,GetSystemDirectoryA,lstrcpyA,lstrcatA,lstrcatA,DeleteFileA,CreateProcessA,GetExitCodeProcess,WaitForSingleObject,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,lstrcpyA,lstrcpyA,lstrcpyA,DeletePrinterDriverA,DeletePortA,DeleteMonitorA,GetSystemDirectoryA,lstrcpyA,lstrcatA,lstrcatA,DeleteFileA,CreateProcessA,GetExitCodeProcess,WaitForSingleObject,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,lstrcatA,LoadStringA,#540,#2818,#537,#924,#924,MessageBoxA,#800,#800,#800,#800,#665,#800,#800,#800,#2818,#924,#858,#800,#2514,#800,#800,#656,#641,#665,#800,#800,#800,#800,#656,#641,#540,#537,#922,#858,#800,#800,#860,SHGetSpecialFolderPathA,#860,#940,#858,#939,RegOpenKeyExA,RegQueryValueExA,#860,#940,#858,#939,RegCloseKey,GetPrivateProfileStringA,#860,#2514,#800,#656,#641,#800,#665,#800,#800,#860,#800,#656,#641,#800,RegCreateKeyExA,RegSetValueExA,RegSetValueExA,RegSetValueExA,RegSetValueExA,RegSetValueExA,GetPrivateProfileStringA,RegSetValueExA,GetPrivateProfileStringA,RegSetValueExA,RegCloseKey,RegCreateKeyExA,RegSetValueExA,RegCloseKey,GetSystemDirectoryA,lstrcatA,GetModuleFileNameA,strrchr,CreateDirectoryA,#5683,#4129,#800,CreateDirectoryA,#537,#5683,#4129,#800,CreateDirectoryA,#4129,#800,CreateDirectoryA,#800,CreateDirectoryA,#800,lstrcpyA,lstrcpyA,lstrcatA,lstrcpyA,lstrcatA,lstrcpyA,lstrcatA,CopyFileA,CopyFileA,#537,lstrcpyA,lstrcatA,lstrcpyA,lstrcatA,CopyFileA,#537,lstrcpyA,lstrcatA,lstrcpyA,lstrcatA,PathFileExistsA,CopyFileA,#537,#537,#941,#941,WinExec,#800,lstrcpyA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,CopyFileA,#537,lstrcpyA,lstrcatA,lstrcpyA,lstrcatA,C		3_2_00403160
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Code function: 3_2_00401D90 lstrcatA,GetPrivateProfileStringA,atoi,OpenPrinterA,lstrcmpA,SetLastError,GetPrinterA,GetLastError,GlobalAlloc,GetPrinterA,DocumentPropertiesA,malloc,DocumentPropertiesA,free,lstrcmpA,lstrcpynA,DocumentPropertiesA,SetPrinterA,GetPrinterA,GlobalAlloc,GlobalLock,GetPrinterA,lstrcmpA,lstrcmpA,lstrcmpA,DocumentPropertiesA,SetPrinterA,MessageBoxA,GetLastError,GlobalFree,GlobalFree,GlobalUnlock,GlobalFree,ClosePrinter,		3_2_00401D90

Creates install or setup log file

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240417224117808.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240417224119169.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240417224144.log
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240417224221297.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240417224227.log
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240417224228.log

Creates license or readme file

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe

File created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\resources\opera_intro_extension\index.js.LICENSE.txt

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer\Readme.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer\Try Free CutePDF Editor.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Opera Browser Assistant
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Opera Browser Assistant

Hooking and other Techniques for Hiding and Protection

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0042286C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	1_2_0042286C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423C1C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423C1C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004241EC IsIconic,SetActiveWindow,SetFocus,	1_2_004241EC
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004241A4 IsIconic,SetActiveWindow,	1_2_004241A4
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00418394 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	1_2_00418394
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004843A8 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	1_2_004843A8
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0042F2F0 IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow,	1_2_0042F2F0
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004175A8 IsIconic,GetCapture,	1_2_004175A8
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00417CDE IsIconic,SetWindowPos,	1_2_00417CDE
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00417CE0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	1_2_00417CE0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Code function: 3_2_004069D0 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379,	3_2_004069D0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Code function: 7_2_00403000 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,	7_2_00403000

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_0041F128 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

1_2_0041F128

Stores large binary data to the registry

Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolve

Source: C:\Users\user\Desktop\CuteWriter.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe

Code function: 10_2_6BFC9620 rdtsc

10_2_6BFC9620

Found decision node followed by non-executed suspicious APIs

Source: C:\Users\user\AppData\Local\Temp\converter.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_6-2022

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-UFSC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CutePDF Writer\CPWriter2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\dxcompiler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-3BEAI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\pdfwriter32.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-ICRHC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_gx_splash.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\ICONLIB.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041175667228.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\PSCRIPT5.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CutePDF Writer\CPWSave.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\PS5UI.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\CutePDF Writer\CutePDFWriter.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gswin32c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe.1713386541.old (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-QV01T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-LDLTG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\win10_share_handler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-ER5M7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041166342520.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_crashreporter.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PS5UI.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\pdfwriter64.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-PO6AU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\cpwmon32_v40.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-LD694.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172042207667120.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PSCRIPT5.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PSMON.DLL (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\dxil.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\is-327TJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041189647756.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_109.0.5097.45_Autoupdate_x64[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe.1713386541.old (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\opera_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\assistant_package	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-IGGEH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\CutePDFWriter.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172042210696156.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer_helper_64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041180917624.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\mojo_core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-KT3FM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\is-FDP4K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\PSCRIPT.DRV (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\is-INHJ3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\win8_importing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WZSE0.TMP\GPLGS\gsdll32.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041185797716.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\CPWriter2.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Driver\x64\is-0HCHF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_browser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Users\user\Desktop\CuteWriter.exe

Evasive API call chain: GetSystemTime,DecisionNodes

graph_0-5454

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	API coverage: 7.9 %
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	API coverage: 3.8 %

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File Volume queried: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00452AD4 FindFirstFileA,GetLastError,	1_2_00452AD4
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_0046417C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0046417C
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_004645F8 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_004645F8
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00462BF0 FindFirstFileA,FindNextFileA,FindClose,	1_2_00462BF0
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00498FDC FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00498FDC
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: 1_2_00475798 FindFirstFileA,FindNextFileA,FindClose,	1_2_00475798
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_00403285 GlobalAlloc,FindFirstFileA,lstrcpyA,FindClose,	6_2_00403285
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_004010A3 FindFirstFileA,FindClose,	6_2_004010A3
Source: C:\Users\user\AppData\Local\Temp\converter.exe	Code function: 6_2_00403DAF lstrlenA,lstrcpyA,lstrcatA,FindFirstFileA,GetTickCount,lstrcpyA,lstrcatA,RemoveDirectoryA,GetTickCount,GetTickCount,FindNextFileA,FindClose,RemoveDirectoryA,MessageBoxA,	6_2_00403DAF
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Code function: 7_2_00401140 lstrcpyA,strrchr,FindFirstFileA,lstrcpyA,lstrcatA,DeleteFileA,FindNextFileA,FindClose,	7_2_00401140

Source: C:\Users\user\Desktop\CuteWriter.exe

Code function: 0_2_00409B78 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

0_2_00409B78

Source: C:\Windows\splwow64.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	File opened: C:\Users\user\	Jump to behavior

Source: chrome.exe, 00000009.00000002.3032378072.00000C4400ABC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware
Source: chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: CuteWriter.tmp, 00000001.00000003.2102141728.00000000006BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: Setup.exe, 00000003.00000003.2051296710.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000057E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115240271.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857546430.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108011233.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2112391984.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2341396918.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000009.00000002.3035389263.00000C4400CFC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=edeea39c-9110-4e78-bd88-ed0632847fda
Source: Setup.exe, 00000003.00000003.2051296710.0000000000527000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.000000000052A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: OperaSetup.exe, 0000000A.00000002.2976627785.000000000129F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000009.00000002.2991873723.000001A61AB0B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe

Code function: 10_2_6BFC9620 rdtsc

10_2_6BFC9620

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe

Code function: 10_2_6C03F604 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

10_2_6C03F604

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_00450334 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_00450334

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe	Code function: 7_2_004031D0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_004031D0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C03F604 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_6C03F604
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 10_2_6C02CB98 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_6C02CB98
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9DCB98 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_6B9DCB98
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: 13_2_6B9EF604 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6B9EF604

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtOpenKeyEx: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtUnmapViewOfSection: Direct from: 0x76F02D3C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtQueryValueKey: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtAddAtomEx: Direct from: 0x76F0312C
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtSetInformationThread: Direct from: 0x76F02ECC
Source: C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe	NtQueryInformationProcess: Direct from: 0x76F02C26

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_00478DC4 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

1_2_00478DC4

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe unInstcpw64.exe /copy	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6c1821c8,0x6c1821d4,0x6c1821e0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe "C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2520 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240417224118" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6805000000000000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --version	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x300,0x304,0x308,0x2c8,0x30c,0x6b5d21c8,0x6b5d21d4,0x6b5d21e0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x9a6038,0x9a6044,0x9a6050
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x278,0x27c,0x280,0x274,0x250,0x7ffdf9937c80,0x7ffdf9937c8c,0x7ffdf9937c98
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x9a6038,0x9a6044,0x9a6050
Source: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	Process created: C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x210,0x208,0x234,0x20c,0x238,0x1126038,0x1126044,0x1126050

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_0042EE28 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA,

1_2_0042EE28

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_0042E0AC AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,

1_2_0042E0AC

Source: OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: k..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: chrome.exe, 00000009.00000002.2993699207.000001A61B3D0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: OperaSetup.exe	Binary or memory string: Progman
Source: OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: l..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: chrome.exe, 00000009.00000002.2993699207.000001A61B3D0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: chrome.exe, 00000009.00000002.2993699207.000001A61B3D0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Language, Device and Operating System Detection

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: GetLocaleInfoA,	0_2_0040520C
Source: C:\Users\user\Desktop\CuteWriter.exe	Code function: GetLocaleInfoA,	0_2_00405258
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: GetLocaleInfoA,	1_2_00408578
Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp	Code function: GetLocaleInfoA,	1_2_004085C4
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	10_2_6C050CA5
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	10_2_6C050CF0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	10_2_6C050D97
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	10_2_6C04CDCD
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	10_2_6C050617
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	10_2_6C050E9D
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	10_2_6C050868
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	10_2_6C04C88C
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	10_2_6C050910
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	10_2_6C050B63
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	10_2_6C050BD0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	13_2_6BA00BD0
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	13_2_6BA00B63
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	13_2_6BA00910
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	13_2_6B9FC88C
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	13_2_6BA00868
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	13_2_6BA00E9D
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	13_2_6BA00617
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	13_2_6BA00D97
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	13_2_6B9FCDCD
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: EnumSystemLocalesW,	13_2_6BA00CA5
Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Code function: GetLocaleInfoW,	13_2_6BA00CF0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\installer_prefs_include.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\root_files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\extensions_files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\resources\default_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\extra_apps VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\files_list VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_00458670 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,

1_2_00458670

Source: C:\Users\user\Desktop\CuteWriter.exe

Code function: 0_2_004026C4 GetSystemTime,

0_2_004026C4

Source: C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp

Code function: 1_2_00455644 GetUserNameA,

1_2_00455644

Source: C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe

Code function: 10_2_6C04364A GetTimeZoneInformation,

10_2_6C04364A

Source: C:\Users\user\Desktop\CuteWriter.exe

Code function: 0_2_00405CF4 GetVersionExA,

0_2_00405CF4

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	2 Native API	1 Scripting	1 Exploitation for Privilege Escalation	1 Deobfuscate/Decode Files or Information	1 Credential API Hooking	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Abuse Elevation Control Mechanism	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Credential API Hooking	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 DLL Search Order Hijacking	1 DLL Side-Loading	31 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Windows Service	1 DLL Search Order Hijacking	1 Software Packing	NTDS	26 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	1 Scheduled Task/Job	1 Access Token Manipulation	1 Timestomp	LSA Secrets	21 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	11 Registry Run Keys / Startup Folder	1 Windows Service	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	13 Process Injection	1 DLL Search Order Hijacking	DCSync	1 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	1 Scheduled Task/Job	32 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	11 Registry Run Keys / Startup Folder	11 Modify Registry	/etc/passwd and /etc/shadow	3 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Access Token Manipulation	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	13 Process Injection	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
CuteWriter.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\CutePDF Writer\CPWSave.exe	0%	ReversingLabs
C:\Program Files (x86)\CutePDF Writer\CPWriter2.exe	0%	ReversingLabs
C:\Program Files (x86)\CutePDF Writer\CutePDFWriter.exe	0%	ReversingLabs
C:\Program Files (x86)\CutePDF Writer\unInstcpw64.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gplgs[1].exe	2%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Assistant_109.0.5097.45_Setup[1].exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_109.0.5097.45_Autoupdate_x64[1].exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\assistant_package	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\dxcompiler.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\dxil.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer_helper_64.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\launcher.exe.1713386541.old (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\mojo_core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\notification_helper.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_autoupdate.exe.1713386541.old (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_browser.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_crashreporter.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_elf.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\opera_gx_splash.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\vk_swiftshader.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\vulkan-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\win10_share_handler.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\win8_importing.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\assistant\dbgcore.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\assistant\dbghelp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\assistant\mojo_core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Opera\opera.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\additional_file0.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\browser_assistant.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\dbgcore.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\dbghelp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\launcher.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\mojo_core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\opera_package	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041166342520.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041175667228.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Opera_installer_2404172041180917624.dll	0%	ReversingLabs

Name	Malicious	Antivirus Detection	Reputation
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=90&slotname=6092711011&adk=1854165047&adf=3987798746&pi=t.ma~as.6092711011&w=728&lmt=1713386480&format=728x90&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713386479204&bpp=4&bdt=1014&idt=1034&shv=r20240415&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=464567931983&frm=20&pv=2&ga_vid=983432702.1713386479&ga_sid=1713386480&ga_hid=274577743&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=144&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31082771%2C42532523%2C44798934%2C95328467%2C95329428%2C31082835%2C95322329%2C95329830&oid=2&pvsid=1167234827264558&tmod=1431185080&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1048	false
about:blank	false
https://www.cutepdf-editor.com/support/writer.asp#google_vignette	false
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&h=600&slotname=8138180617&adk=373269726&adf=126291155&pi=t.ma~as.8138180617&w=160&lmt=1713386480&format=160x600&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1713386479208&bpp=1&bdt=1018&idt=1057&shv=r20240415&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=728x90&correlator=464567931983&frm=20&pv=1&ga_vid=983432702.1713386479&ga_sid=1713386480&ga_hid=274577743&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=867&ady=420&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31082771%2C42532523%2C44798934%2C95328467%2C95329428%2C31082835%2C95322329%2C95329830&oid=2&pvsid=1167234827264558&tmod=1431185080&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=d%7C%7CoeE%7Cn&abl=XS&pfx=0&fu=0&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1063	false
https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271803&client=ca-pub-6555658820068848&fa=3&ifi=7&uci=a!7&btvi=2	false

URLs from Memory and Binaries

Name	Source	Malicious
https://www.cutepdf-editor.com/images/htabs3.gif	chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	false
https://get.geo.opera.com/.private/assistserv/opera-intro/102.0.53-DNA-116018-opera_intro.crxWh)3	OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	false
https://download.opera.com/y	OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2340254789.0000000001321000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software(	OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/1	OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://www.cutepdf-editor.com/images/footbg.gifageHandler	chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	false
http://anglebug.com/4633	chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/l	OperaSetup.exe, 0000000A.00000003.2382423451.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	false
https://anglebug.com/7382	chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/i	OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
http://autoupdate-staging.services.ams.osa/	OperaSetup.exe	false
https://www.google.com/recaptcha/api2/aframetml/r20240415/r20110914/zrt_lookup_fy2021.html#RS-3-&adk	chrome.exe, 00000009.00000002.3041482531.00000C4401098000.00000004.00000001.00020000.00000000.sdmp	false
https://csp.withgoogle.com/csp/gws/otherrj	chrome.exe, 00000009.00000002.3006431561.000001A620C1D000.00000004.00000001.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.3041906351.00000C44010D4000.00000004.00000001.00020000.00000000.sdmp	false
http://localhost:3001api/prefs/?product=$1&version=$2..	OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	false
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	OperaSetup.exe, 0000000A.00000002.2957530474.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000A.00000002.2994288210.000000006C0E7000.00000002.00000001.01000000.0000000E.sdmp, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/SysWOW64	OperaSetup.exe, 0000000A.00000003.2115240271.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2245114633.00000000012F4000.00000004.00000020.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/a	OperaSetup.exe, 0000000A.00000003.2331879799.000000000131E000.00000004.00000020.00020000.00000000.sdmp	false
https://www.opera.com/download/	OperaSetup.exe, OperaSetup.exe, 0000000D.00000002.2957534795.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000D.00000002.2989234157.000000006BA97000.00000002.00000001.01000000.00000011.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	false
http://dns-tunnel-check.googlezip.net/connect	chrome.exe, 00000009.00000002.3049873467.00000C440180C000.00000004.00000001.00020000.00000000.sdmp	false
https://features.opera-api2.com/E:Y1	OperaSetup.exe, 0000000A.00000003.2115000891.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2112391984.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244869940.000000000130F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2108011233.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2120877007.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/W	OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://www.cutepdf-editor.com/images/DocProp.pnggeHandler	chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/U	OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software	OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
http://unisolated.invalid/	chrome.exe, 00000009.00000002.3031153629.00000C44009BC000.00000004.00000001.00020000.00000000.sdmp	false
https://addons.opera.com	OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.000000000129F000.00000004.00000020.00020000.00000000.sdmp	false
https://fundingchoicesmessages.google.com/i/ca-pub-6555658820068848?ers=2	chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp	false
http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan	chrome.exe, 00000009.00000002.3057855919.00000C4402110000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/L	OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	false
https://doubleclick.net/etm	chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp	false
http://anglebug.com/6929	chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/C	OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://get.geo.opera.com/.private/assistserv/opera-intro/102.0.53-DNA-116018-opera_intro.crxxh	OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382286095.000000000131E000.00000004.00000020.00020000.00000000.sdmp	false
https://i1.wp.com	OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
https://download.opera.com/C	OperaSetup.exe, 0000000A.00000003.2120759479.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2115000891.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2111299021.0000000001329000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244729565.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/i	OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://anglebug.com/7246	chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	false
https://www.cutepdf-editor.com/support/writer.asphttps://www.cutepdf-editor.com/supports	CuteWriter.tmp, 00000001.00000002.2105393779.00000000032D0000.00000004.00000020.00020000.00000000.sdmp	false
http://www.google.com/dl/release2/chrome_component/nujou4crtv5zkn6bgthixtooam_2024.3.25.1/kiabhabjdb	chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	false
https://anglebug.com/7369	chrome.exe, 00000009.00000002.3028337867.00000C44007E0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3023531674.00000C44003B4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3026675618.00000C440067C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	false
https://anglebug.com/7489	chrome.exe, 00000009.00000002.3034144116.00000C4400C54000.00000004.00000001.00020000.00000000.sdmp	false
https://crashstats-collector.opera.com/collector/submit	OperaSetup.exe, 0000000D.00000002.2974456633.00000000013A0000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.0000000000735000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000003.2106095274.000000003E4D0000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 00000010.00000002.2917593347.00000000001F5000.00000040.00000001.01000000.0000000D.sdmp	false
http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea	chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/s	OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3	chrome.exe, 00000009.00000002.3064180517.00000C44036DC000.00000004.00000001.00020000.00000000.sdmp	false
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline	CuteWriter.exe, CuteWriter.exe, 00000000.00000002.2107375002.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false
https://pcapp.store	chrome.exe, 00000009.00000002.3006803549.000001A620C91000.00000002.00000001.00040000.00000026.sdmp	false
https://issuetracker.google.com/161903006	chrome.exe, 00000009.00000002.3038379620.00000C4400EFC000.00000004.00000001.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	chrome.exe, 00000009.00000002.3032552754.00000C4400B34000.00000004.00000001.00020000.00000000.sdmp	false
https://www.opera.com/eula/computers	CuteWriter.tmp, 00000001.00000003.2080092115.0000000002154000.00000004.00001000.00020000.00000000.sdmp	false
https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crxt	OperaSetup.exe, 0000000A.00000002.2976627785.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/dl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmpp	chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	false
https://addons-media.operacdn.com/media/;	OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
http://anglebug.com/5375xE	chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	false
http://www.CutePDF.comInstallLocationDisplayIconPublisherAcro	Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	false
https://drive-daily-5.corp.google.com/	chrome.exe, 00000009.00000002.3022822662.00000C4400320000.00000004.00000001.00020000.00000000.sdmp	false
https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crxy	OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000009.00000002.3027563051.00000C440072C000.00000004.00000001.00020000.00000000.sdmp	false
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000009.00000002.3028102423.00000C4400790000.00000004.00000001.00020000.00000000.sdmp	false
https://www.google.com/dl/release2/chrome_component/ad6eob6nunr64xlqs3i7jpbbwlqa_20230923.567854667.	chrome.exe, 00000009.00000002.3019622614.00000C440018C000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwareC	OperaSetup.exe, 0000000A.00000002.2978199704.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
https://download.opera.com/download/get/?id=65593&autoupdate=1&ni=1&stream=stable&utm_campaign=cpdf_	OperaSetup.exe, 0000000A.00000003.2112391984.00000000012F4000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2341267748.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244869940.000000000130F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2976627785.000000000129F000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2244979109.0000000001327000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2120877007.0000000001311000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2324192832.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2151832624.0000000056AB8000.00000004.00001000.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa	chrome.exe, 00000009.00000002.3024507556.00000C44004B8000.00000004.00000001.00020000.00000000.sdmp	false
https://sWgic.cVd://wb	chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	false
http://anglebug.com/4722	chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	false
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000009.00000002.3020231299.00000C44001C4000.00000004.00000001.00020000.00000000.sdmp	false
https://chrome.google.com/webstoreD	chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	false
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000009.00000002.3027563051.00000C440072C000.00000004.00000001.00020000.00000000.sdmp	false
https://www.cutepdf-editor.com/021	Setup.exe, 00000003.00000003.2051296710.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000003.00000002.2051877549.0000000000565000.00000004.00000020.00020000.00000000.sdmp	false
https://gamemaker.io/en/get.	OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	false
https://gamemaker.io	OperaSetup.exe, OperaSetup.exe, 0000000D.00000001.2089349383.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp, OperaSetup.exe, 0000000E.00000002.2097078614.000000000070A000.00000040.00000001.01000000.00000012.sdmp, OperaSetup.exe, 0000000F.00000002.2896641067.00000000001CA000.00000040.00000001.01000000.0000000D.sdmp	false
https://www.cutepdf-editor.com/support/writer.asp#google_vignettebId	chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp	false
https://get.geo.opera.com/.private/assistserv/opera-intro/102.0.53-DNA-116018-opera_intro.crxl	OperaSetup.exe, 0000000A.00000003.2390127095.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417726132.0000000001301000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2374926208.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2402190945.0000000001308000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2382423451.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01uSGNvRHZ	chrome.exe, 00000009.00000002.3032049652.00000C4400A68000.00000004.00000001.00020000.00000000.sdmp	false
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/W	OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://convertgetpdf.com%22	chrome.exe, 00000009.00000002.3040654036.00000C4401030000.00000004.00000001.00020000.00000000.sdmp	false
https://www.cutepdf-editor.comShortcut	Setup.exe, 00000003.00000000.1873116795.000000000040A000.00000008.00000001.01000000.00000009.sdmp, Setup.exe, 00000003.00000002.2051611524.000000000040A000.00000004.00000001.01000000.00000009.sdmp	false
https://dl.google.com/release2/chrome_component/dvwmczhfksazn5mwlykzsdqv6u_2024.3.27.0/gonpemdgkjcec	chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	false
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA0	chrome.exe, 00000009.00000002.3050037957.00000C4401824000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp	false
http://unisolated.invalid/a	chrome.exe, 00000009.00000002.3031153629.00000C44009BC000.00000004.00000001.00020000.00000000.sdmp	false
https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crx.	OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://addons-extensions.operacdn.com/media/direct/90/287790/2c461151f9ffff27314ebfffe3c4ccf3.crx2	OperaSetup.exe, 0000000A.00000003.2429099653.0000000001308000.00000004.00000020.00020000.00000000.sdmp	false
http://anglebug.com/3502	chrome.exe, 00000009.00000002.3033429125.00000C4400BE0000.00000004.00000001.00020000.00000000.sdmp	false
http://anglebug.com/3623	chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	false
https://doubleclick.net/	chrome.exe, 00000009.00000002.3050923090.00000C4401920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045870949.00000C440150C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050250427.00000C4401850000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3037731272.00000C4400EA8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3047798139.00000C4401630000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3049873467.00000C440180C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059391260.00000C4402730000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3058899250.00000C440256C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3047558244.00000C440161C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061653198.00000C4402B18000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045456901.00000C440149C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3050666604.00000C44018C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045973971.00000C4401530000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3059452971.00000C4402740000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3057982443.00000C4402134000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060493740.00000C44028E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3044918462.00000C4401428000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3060868982.00000C4402934000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3061776441.00000C4402B64000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3056261193.00000C4401F80000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3045707399.00000C44014DC000.00000004.00000001.00020000.00000000.sdmp	false
http://anglebug.com/3625	chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	false
http://dl.google.com/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocm	chrome.exe, 00000009.00000002.3018877748.00000C4400128000.00000004.00000001.00020000.00000000.sdmp	false
http://anglebug.com/3624	chrome.exe, 00000009.00000002.3037321005.00000C4400E54000.00000004.00000001.00020000.00000000.sdmp	false
https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4fionKeyBackward	OperaSetup.exe, 0000000A.00000003.2402123887.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2390127095.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2417621442.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2428940437.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000003.2857057713.0000000001325000.00000004.00000020.00020000.00000000.sdmp, OperaSetup.exe, 0000000A.00000002.2978199704.0000000001325000.00000004.00000020.00020000.00000000.sdmp	false
https://www.cutepdf-editor.com/images/headerbg.gif	chrome.exe, 00000009.00000002.3043743155.00000C4401170000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.3041089797.00000C4401068000.00000004.00000001.00020000.00000000.sdmp	false
https://www.google.com/dl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnk	chrome.exe, 00000009.00000002.3038733835.00000C4400F2C000.00000004.00000001.00020000.00000000.sdmp	false
http://anglebug.com/3862	chrome.exe, 00000009.00000002.3026500155.00000C440063C000.00000004.00000001.00020000.00000000.sdmp	false
https://googleads.g.doubleclick.net/	chrome.exe, 00000009.00000002.3031252078.00000C44009D0000.00000004.00000001.00020000.00000000.sdmp	false
https://csp.withgoogle.com/csp/report-to/gws/other	chrome.exe, 00000009.00000002.3006431561.000001A620C1D000.00000004.00000001.00040000.00000000.sdmp	false
https://googleads.g.doubleclick.net/pagead/html/r20240415/r20110914/zrt_lookup_fy2021.html#RS-2-&adk	chrome.exe, 00000009.00000002.3056530111.00000C4401FCC000.00000004.00000001.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.215.100	unknown	United States	15169	GOOGLEUS	false
142.250.105.84	unknown	United States	15169	GOOGLEUS	false
142.250.105.156	unknown	United States	15169	GOOGLEUS	false
173.194.219.157	unknown	United States	15169	GOOGLEUS	false
37.228.108.133	unknown	Norway	39832	NO-OPERANO	false
142.250.105.154	unknown	United States	15169	GOOGLEUS	false
173.194.219.132	unknown	United States	15169	GOOGLEUS	false
74.125.136.181	unknown	United States	15169	GOOGLEUS	false
64.233.185.154	unknown	United States	15169	GOOGLEUS	false
23.11.231.170	unknown	United States	20940	AKAMAI-ASN1EU	false
185.26.182.111	unknown	Norway	39832	NO-OPERANO	false
37.228.108.149	unknown	Norway	39832	NO-OPERANO	false
172.217.215.97	unknown	United States	15169	GOOGLEUS	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false
107.167.96.31	unknown	United States	53755	IOFLOODUS	false
74.125.138.155	unknown	United States	15169	GOOGLEUS	false
172.217.215.155	unknown	United States	15169	GOOGLEUS	false
74.125.138.147	unknown	United States	15169	GOOGLEUS	false
64.233.177.94	unknown	United States	15169	GOOGLEUS	false
172.253.124.155	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
74.125.136.95	unknown	United States	15169	GOOGLEUS	false
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
74.125.136.138	unknown	United States	15169	GOOGLEUS	false
142.250.105.101	unknown	United States	15169	GOOGLEUS	false
64.34.201.145	unknown	Canada	13768	COGECO-PEER1CA	false
64.34.201.144	unknown	Canada	13768	COGECO-PEER1CA	false
172.253.124.94	unknown	United States	15169	GOOGLEUS	false
142.250.9.181	unknown	United States	15169	GOOGLEUS	false
142.251.15.154	unknown	United States	15169	GOOGLEUS	false
142.251.15.156	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
107.167.110.217	unknown	United States	21837	OPERASOFTWAREUS	false
104.18.11.89	unknown	United States	13335	CLOUDFLARENETUS	false
74.125.136.157	unknown	United States	15169	GOOGLEUS	false
74.125.136.154	unknown	United States	15169	GOOGLEUS	false
108.177.122.103	unknown	United States	15169	GOOGLEUS	false
107.167.125.189	unknown	United States	21837	OPERASOFTWAREUS	false
64.233.177.181	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427639
Start date and time:	2024-04-17 22:39:45 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	31
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	12
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	CuteWriter.exe
Detection:	SUS
Classification:	sus24.evad.winEXE@65/773@0/41
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: CuteWriter.exe

Simulations

Behavior and APIs

Time	Type	Description
21:42:29	Task Scheduler	Run new task: Opera scheduled assistant Autoupdate 1713386547 path: C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe s>--scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\user\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0)
21:42:30	Task Scheduler	Run new task: Opera scheduled Autoupdate 1713386541 path: C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe s>--scheduledtask --bypasslauncher $(Arg0)
21:42:32	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Opera Browser Assistant C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
21:42:42	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Opera Stable C:\Users\user\AppData\Local\Programs\Opera\opera.exe
21:42:56	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Opera Browser Assistant C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
22:41:13	API Interceptor	1x Sleep call for process: splwow64.exe modified
22:42:25	API Interceptor	113x Sleep call for process: explorer.exe modified

Process:	C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	47952
Entropy (8bit):	6.092206964821143
Encrypted:	false
SSDEEP:	768:VLH4eXvYyHdRtM/Mc1mjGtzg5OfIKVjCsyfAPPYA042+CVMEpYiaXx2+4:VT4eQYdbgmSxfDWfbA042+Cf7aXx2L
MD5:	E51710187732025BA13E1AB2B093CF50
SHA1:	A4EA6D9ACEFAEA9D33A99058AEA0FEF5F7DA8E53
SHA-256:	4694DC1D06A72BBA2DB202B86A18A74F9293520A9125229202671B09B3DB9497
SHA-512:	050C9470A6FAA47E70B30672FECAFF361DCCD62A17973CE4B94852359AB9622686A3A8879A96F94DAD02594942FF79B2835EA08C79EB96894587F961249C722C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w-=.3LSH3LSH3LSHe4=H0LSHe4(H1LSHE.(H"LSH3LRH.LSHE.>H8LSHE..H1LSHE.=H7LSHE./H2LSHE.+H2LSHRich3LSH................PE..d....8.^..........#......P...@.......[........@..............................................................................................y..........................P-...........................................................`...............................text...LO.......P.................. ..`.rdata...&...`...(...T..............@..@.data...@............\|..............@....pdata...............~..............@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	111512
Entropy (8bit):	4.0255200825467385
Encrypted:	false
SSDEEP:	768:a07FuniAqkiGcXwr4jk0SWrEGexWOBNOL+OLJvnSIxLcRR1vseQGFpmnypo3UDMJ:mqkYXVrj4WUjMhsiIGsn6nFwKdCyUw
MD5:	2FD3A469137CB31D7B1D9037AF66C579
SHA1:	15DE601FE2F074F7787FE3C01E6A8FCF91015138
SHA-256:	EBAC86DF599EB76720B2FD910DB49E519DF1ACF9834E925F9E2760D8EFE3A96E
SHA-512:	5D1CF1FA6498F98039D3370BF5ED057C946AF4D58BF429762E78B5B29C1CCD4934DBEA4AF259FF7DE1950C3CBE2DFB7650DFEB53D2B70EBF05FAF764A7EDFA56
Malicious:	false
Reputation:	unknown
Preview:	....h... ...............P...............\.......c..........x...........Z.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

Process:	C:\Users\user\AppData\Local\Temp\converter.exe
File Type:	data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:
MD5:	EB43845F541811F33B8888493929F08C
SHA1:	C15FC8D01B7891A5BF788D0AC2C1E682C562CB09
SHA-256:	B80D00FF2021D295C1D7AC48B7F3B9D2C3B33094FC76E5739DB883E3A2D63C3F
SHA-512:	84DCAC5F6C9B8C84B5B5E96FD91817FC58215AB04E68C5CAB5B96FD2FF379C812863F3D5147AEBA02B9AD12DA8F89D8D1FDAFDC41853EDEF92D92889DB2DF2BA
Malicious:	false
Reputation:	unknown
Preview:	..

Process:	C:\Users\user\AppData\Local\Temp\is-NLVSG.tmp\CuteWriter.tmp
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	642
Entropy (8bit):	4.905333753716299
Encrypted:	false
SSDEEP:
MD5:	D8385D9758B759942365B1ACC0E414FE
SHA1:	09EA59189959295B260B6165CAE34FED4EB33EEE
SHA-256:	278BCF994BFBD8C625E1FCC67610280200908BA984DC6C99DF5EBAF379754491
SHA-512:	5162CEBC3B4CEFF55818AF845E7174023F4ADB7FFD0B298D142590BA566BD09A25B80C4CF5E8368BEE75D26D8E58F3E4AF5527EBD935A17D5A63EDAB701ACCBB
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> .. <assemblyIdentity version="3.0.0.1".. processorArchitecture="X86".. name="CPWSave".. type="win32"/> .. <description>CutePDF Writer Application</description> .. Identify the application security requirements. -->.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel.. level="asInvoker".. uiAccess="false"/>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>..

Process:	C:\Users\user\Desktop\CuteWriter.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	711168
Entropy (8bit):	6.513782388052726
Encrypted:	false
SSDEEP:
MD5:	FFCF263A020AA7794015AF0EDEE5DF0B
SHA1:	BCE1EB5F0EFB2C83F416B1782EA07C776666FDAB
SHA-256:	1D07CFB7104B85FC0DFFD761F6848AD176117E146BBB4079FE993EFA06B94C64
SHA-512:	49F2B062ADFB99C0C7F1012C56F0B52A8850D9F030CC32073B90025B372E4EB373F06A351E9B33264967427B8174C060C8A6110979F0EAF0872F7DA6D5E4308A
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@.......................................@......@...............................&........................................................... ......................................................CODE....$........................... ..`DATA.... ...........................@...BSS......................................idata...&.......(..................@....tls.....................................rdata....... ......................@..P.reloc......0......................@..P.rsrc...............................@..P.....................f..............@..P........................................................................................................................................

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 34108, version 1.0
Category:	downloaded
Size (bytes):	34108
Entropy (8bit):	7.993096562158293
Encrypted:	true
SSDEEP:
MD5:	C15D33A9508923BE839D315A999AB9C7
SHA1:	D17F6E786A1464E13D4EC8E842F4EB121B103842
SHA-256:	65C99D3B9F1A1B905046E30D00A97F2D4D605E565C32917E7A89A35926E04B98
SHA-512:	959490E7AE26D4821170482D302E8772DD641FFBBE08CFEE47F3AA2D7B1126DCCD6DEC5F1448CA71A4A8602981966EF8790AE0077429857367A33718B5097D06
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Preview:	wOF2.......<..........................................\..4?HVAR.t.`?STAT..'...J/<.....`..(..Z.0..,.6.$.... ..B..K..[.h...c.....nC .../.V.v..6>nT.R...b.8.@.......ON.ch.......k..."..".9..\D...JBJ."T%5...Z2..Q.)wJ...sA.h..m....n..F.....t..ig.=..y.s@............t..j.....n.h(...........N..)9.....v`\|z....8.7..kTq....^.......[.K.O..1ZP.....;.HP.......>..+..j:.V.......A......[.f.l..v`x....F_..vo...e....n...H..X.2.v}...(.1J...x.....}.....5.3.....?..?..7...S..0.9..C.0.M..M9..e.b....bc..b4.0"e.G.....XT....z............E'c.(."...x`].]..e.rQ..ye.z........kFh;....Y.yPt.._Q.._-q..mi.Og.W.-qUI...m5..r.mvA~o....S.f........s..ql.aXD...H..wy.P..k...f$.V^.2...8U{...f.....]]..G..cf.......D.c&B'S.2~..N..........R;..).5...../... 6....b....]d6."C..T..........OI\+V'...E.[.g.u.E....,!F.....*U.q. :x.s..1..C....H..S%..)....h......K..........pw.f...f.......an3....9....@......%.2.c.+........cXD..F...B.....0'...O.z8.B....4...\..&c...H....;..p....@.l...:........L..`...5..xo&.

Entrypoint:	0x40a5f8
Entrypoint Section:	CODE
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:	884310b1928934402ea6fec1dbd3cf5e

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	11/07/2022 01:00:00 11/07/2024 00:59:59
Subject Chain	CN=Acro Software Inc, O=Acro Software Inc, L=HAYMARKET, S=Virginia, C=US
Version:	3
Thumbprint MD5:	B58A5D8BF8CA535E13F479C32D234C47
Thumbprint SHA-1:	DA1E4E87ECC3846B475C2DC95830B9F2DD6335C5
Thumbprint SHA-256:	3503D4D0BDDB57ED36B9E2642252C6F3BBD5A028F65ECCD58C0F07B502AD05B6
Serial:	02666CA0DD43F1A728C9BE2D123CF804

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd000	0x950	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x11000	0x2c00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x5eeea0	0x2d50
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xf000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x9d30	0x9e00	611a4d7a24dd9b18a256468a5d7453f5	False	0.6052956882911392	data	6.631747641055028	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0xb000	0x250	0x400	2f7f9f859c8b4b133abf78cebd99cc90	False	0.306640625	data	2.7547169534996403	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0xc000	0xe90	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xd000	0x950	0xa00	bb5485bf968b970e5ea81292af2acdba	False	0.414453125	data	4.430733069799036	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0xe000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xf000	0x18	0x200	9ba824905bf9c7922b6fc87a38b74366	False	0.052734375	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x10000	0x8c4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x11000	0x2c00	0x2c00	8d23e5ba2ab7ed51b633260d61f03139	False	0.3358487215909091	data	4.597730295668722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x11354	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Dutch	Netherlands	0.5675675675675675
RT_ICON	0x1147c	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	Dutch	Netherlands	0.4486994219653179
RT_ICON	0x119e4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Dutch	Netherlands	0.4637096774193548
RT_ICON	0x11ccc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	Dutch	Netherlands	0.3935018050541516
RT_STRING	0x12574	0x2f2	data			0.35543766578249336
RT_STRING	0x12868	0x30c	data			0.3871794871794872
RT_STRING	0x12b74	0x2ce	data			0.42618384401114207
RT_STRING	0x12e44	0x68	data			0.75
RT_STRING	0x12eac	0xb4	data			0.6277777777777778
RT_STRING	0x12f60	0xae	data			0.5344827586206896
RT_RCDATA	0x13010	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x1303c	0x3e	data	English	United States	0.8387096774193549
RT_VERSION	0x1307c	0x4f4	data	English	United States	0.29574132492113564
RT_MANIFEST	0x13570	0x62c	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4240506329113924

DLL	Import
kernel32.dll	DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll	MessageBoxA
oleaut32.dll	VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll	WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll	TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll	InitCommonControls
advapi32.dll	AdjustTokenPrivileges

Target ID:	0
Start time:	22:40:33
Start date:	17/04/2024
Path:	C:\Users\user\Desktop\CuteWriter.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\CuteWriter.exe"
Imagebase:	0x400000
File size:	6'233'072 bytes
MD5 hash:	4BA5A70C0123A687EDD954946156C04F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	3
Start time:	22:40:55
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\Setup.exe" /inscpw4 -d"C:\Program Files (x86)\CutePDF Writer"
Imagebase:	0x400000
File size:	64'848 bytes
MD5 hash:	A8EFE2A017079497FE948191F8904A17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	6
Start time:	22:41:11
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\converter.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\\converter.exe /auto
Imagebase:	0x400000
File size:	8'108'488 bytes
MD5 hash:	BF9F58A65F6954406E6DCD29BB458A19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	7
Start time:	22:41:12
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\unInstcpw64.exe
Wow64 process (32bit):	false
Commandline:	unInstcpw64.exe /copy
Imagebase:	0x400000
File size:	36'176 bytes
MD5 hash:	7B17AE1C9AED3C8C89FF6CDEF68F9FD5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	9
Start time:	22:41:16
Start date:	17/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.cutepdf-editor.com/support/writer.asp
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	13
Start time:	22:41:17
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x6c1821c8,0x6c1821d4,0x6c1821e0
Imagebase:	0x170000
File size:	2'960'944 bytes
MD5 hash:	3C51B6EED283BBE7D10772DDE9BFFFB7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	15
Start time:	22:41:18
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-8HLGO.tmp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2520 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240417224118" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6805000000000000
Imagebase:	0x170000
File size:	2'960'944 bytes
MD5 hash:	3C51B6EED283BBE7D10772DDE9BFFFB7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	19
Start time:	22:41:41
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe"
Imagebase:	0x400000
File size:	2'569'880 bytes
MD5 hash:	15D8C8F36CEF095A67D156969ECDB896
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	20
Start time:	22:41:44
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181\assistant\assistant_installer.exe" --version
Imagebase:	0x7d0000
File size:	1'998'752 bytes
MD5 hash:	976BC8E5FE65F9BB56831E20F1747150
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report CuteWriter.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Privilege Escalation

Phishing

Bitcoin Miner

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\CutePDF Writer\CPWSave.exe

C:\Program Files (x86)\CutePDF Writer\CPWSave.exe.manifest

C:\Program Files (x86)\CutePDF Writer\CPWriter2.exe

C:\Program Files (x86)\CutePDF Writer\CuteEdit.ico

C:\Program Files (x86)\CutePDF Writer\CutePDFWriter.exe

C:\Program Files (x86)\CutePDF Writer\PDFWrite.rsp

C:\Program Files (x86)\CutePDF Writer\README.HTM

C:\Program Files (x86)\CutePDF Writer\setup.inf

C:\Program Files (x86)\CutePDF Writer\setup.ini

C:\Program Files (x86)\CutePDF Writer\unInstcpw64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer\Readme.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF Writer\Try Free CutePDF Editor.lnk

Windows Analysis Report
CuteWriter.exe

Target ID:	23
Start time:	22:42:20
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Opera\109.0.5097.45\installer.exe" --backend --initial-pid=2520 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404172241181" --session-guid=b69c0d3b-1d60-4a71-a3bd-8c5c22cda97a --server-tracking-blob="YThhOWJmMmM2OGU3MjdiOGJmODcxZmRlNTU1NzlkYjYyMGVkYzBmZTg5OGNiYjI0MTA4MWRiNDExOTk2NTA1NDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFjcm8mdXRtX21lZGl1bT1wYiZ1dG1fY2FtcGFpZ249Y3BkZl9zb2Z0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzA5NzUwNjU3LjEzNTciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJjcGRmX3NvZnQiLCJtZWRpdW0iOiJwYiIsInNvdXJjZSI6ImFjcm8ifSwidXVpZCI6Ijc4YjU5NzQyLTQyM2EtNGRkMi1hMDNkLTg5MzU2YWNjM2ZmYSJ9 " --silent --desktopshortcut=1 --install-subfolder=109.0.5097.45
Imagebase:	0x7ff67b510000
File size:	6'568'864 bytes
MD5 hash:	053ADC8C34F1ECB38BCA1C6832DD27AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Target ID:	26
Start time:	22:42:22
Start date:	17/04/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	29
Start time:	22:42:26
Start date:	17/04/2024
Path:	C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe"
Imagebase:	0xec0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	34
Start time:	22:42:27
Start date:	17/04/2024
Path:	C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\NgafYbgtcPjnJCrIURWNAMDnEdkNRdILKvplyxVhxQAEx\WJViQqIQpkJHwwlXNjpzvf.exe"
Imagebase:	0xec0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	42
Start time:	22:42:28
Start date:	17/04/2024
Path:	C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x210,0x208,0x234,0x20c,0x238,0x1126038,0x1126044,0x1126050
Imagebase:	0xf50000
File size:	1'998'752 bytes
MD5 hash:	976BC8E5FE65F9BB56831E20F1747150
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Execution Coverage:	23.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.4%
Total number of Nodes:	1471
Total number of Limit Nodes:	21

Execution Coverage:	15.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	7.4%
Total number of Nodes:	2000
Total number of Limit Nodes:	107

Execution Coverage:	46.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	55.3%
Total number of Nodes:	740
Total number of Limit Nodes:	26

Execution Coverage:	42.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	723
Total number of Limit Nodes:	11

Execution Coverage:	9.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.1%
Total number of Nodes:	231
Total number of Limit Nodes:	2