Windows Analysis Report
m4JIZpBl3o.exe

Overview

General Information

Sample name: m4JIZpBl3o.exe
renamed because original name is a hash value
Original sample name: ec4d29ec887d3f9844b7063a1c95fdf7.exe
Analysis ID: 1604498
MD5: ec4d29ec887d3f9844b7063a1c95fdf7
SHA1: a49a4ad50eb9a4b522b9a9f366e71fa9b5e96ad7
SHA256: 98ea3d1e0a40ac9ddd3acfd802164ac48748c706dc47dbffc8865d5d26d29868
Tags: exe, OffLoader, user-abuse_ch

Detection

Score: 45
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • m4JIZpBl3o.exe (PID: 6312 cmdline: "C:\Users\user\Desktop\m4JIZpBl3o.exe" MD5: EC4D29EC887D3F9844B7063A1C95FDF7)
    • emid.exe (PID: 4432 cmdline: "C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe" MD5: A6529B5DDF3F2B117B6A9E072A5A0930)
      • set_0.exe (PID: 4476 cmdline: "C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exe" --silent --allusers=0 MD5: 206C799080F3319B698699BF6018642A)
        • setup.exe (PID: 3052 cmdline: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --silent --allusers=0 --server-tracking-blob=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 MD5: 37ACA7CE9C4ABD646AAF1D510D2A8E74)
          • setup.exe (PID: 4948 cmdline: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=116.0.5366.87 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6be22fbc,0x6be22fc8,0x6be22fd4 MD5: 37ACA7CE9C4ABD646AAF1D510D2A8E74)
          • setup.exe (PID: 5828 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version MD5: 37ACA7CE9C4ABD646AAF1D510D2A8E74)
          • setup.exe (PID: 3608 cmdline: "C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3052 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250201114148" --session-guid=a4fb5db4-335e-4f23-8a42-1986c7d4c82a --server-tracking-blob="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 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2006000000000000 MD5: 37ACA7CE9C4ABD646AAF1D510D2A8E74)
            • setup.exe (PID: 3412 cmdline: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=116.0.5366.87 --initial-client-data=0x364,0x368,0x36c,0x32c,0x370,0x6aeb2fbc,0x6aeb2fc8,0x6aeb2fd4 MD5: 37ACA7CE9C4ABD646AAF1D510D2A8E74)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://toothdigestion.xyz/emi.php?pe=n&p=3942&t=52262822&title=Q3ltYXRpY3MgREVTSVJFICBTZXh5IERyaWxsIAvira URL Cloud: Label: malware
Source: m4JIZpBl3o.exe Virustotal: Detection: 51%
Source: m4JIZpBl3o.exe ReversingLabs: Detection: 44%
Source: m4JIZpBl3o.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20250201114148364.log
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20250201114149496.log
Source: m4JIZpBl3o.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: installer.exe.pdb source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054209943.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2905536977.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906068313.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000000.2062870724.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071042523.0000000000D28000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000008.00000000.2068101487.0000000000D28000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2905581204.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000000.2072215124.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905534487.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000000.2074980264.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.dr
Source: Binary string: installer_lib.dll.pdb source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.dr
Source: Binary string: installer_lib.dll.pdb@ source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.dr
Source: C:\Users\user\Desktop\m4JIZpBl3o.exe Code function: 0_2_004069DF FindFirstFileW,FindClose,0_2_004069DF
Source: C:\Users\user\Desktop\m4JIZpBl3o.exe Code function: 0_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D8E
Source: C:\Users\user\Desktop\m4JIZpBl3o.exe Code function: 0_2_00402910 FindFirstFileW,0_2_00402910
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe Code function: 2_2_00405E61 FindFirstFileA,FindClose,2_2_00405E61
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe Code function: 2_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_0040548B
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe Code function: 2_2_0040263E FindFirstFileA,2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exe Code function: 5_2_00AC8D20 FindFirstFileW,5_2_00AC8D20
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe File opened: C:\Users\user\AppData\Local\Microsoft\
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe File opened: C:\Users\user\
Source: Joe Sandbox View IP Address: 82.145.217.121
Source: Joe Sandbox View IP Address: 188.114.97.3
Source: setup.exe.5.dr String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: emid.exe, emid.exe, 00000002.00000002.2905729629.0000000000409000.00000004.00000001.01000000.00000009.sdmp, emid.exe, 00000002.00000000.1856972323.0000000000409000.00000008.00000001.01000000.00000009.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: m4JIZpBl3o.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: emid.exe, 00000002.00000003.2044021570.00000000005E3000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049631615.00000000047B0000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049786319.0000000004970000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000003.2066524597.0000000003FF5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: http://ocsp.digicert.com0
Source: emid.exe, 00000002.00000003.2044021570.00000000005E3000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049631615.00000000047B0000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049786319.0000000004970000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000003.2066524597.0000000003FF5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: http://ocsp.digicert.com0A
Source: emid.exe, 00000002.00000003.2044021570.00000000005E3000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049631615.00000000047B0000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049786319.0000000004970000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000003.2066524597.0000000003FF5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: http://ocsp.digicert.com0C
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049631615.00000000047B0000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049786319.0000000004970000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000003.2066524597.0000000003FF5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: http://ocsp.digicert.com0X
Source: m4JIZpBl3o.exe, 00000000.00000002.2907282561.0000000000638000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000002.2911197316.0000000002813000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000002.2907282561.00000000006D8000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000002.2907282561.00000000006D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pizzashammer.icu/emio.php?pe=n&p=3942&t=52262822&title=Q3ltYXRpY3MgREVTSVJFICBTZXh5IERyaWxsIE
Source: m4JIZpBl3o.exe, 00000000.00000002.2907282561.00000000006BF000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000002.2907282561.0000000000638000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000002.2911197316.0000000002813000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000002.2907282561.00000000006D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://toothdigestion.xyz/emi.php?pe=n&p=3942&t=52262822&title=Q3ltYXRpY3MgREVTSVJFICBTZXh5IERyaWxsI
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049631615.00000000047B0000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049786319.0000000004970000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000003.2066524597.0000000003FF5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: http://www.digicert.com/CPS0
Source: emid.exe, 00000002.00000003.2044021570.00000000005E3000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049631615.00000000047B0000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000003.2049786319.0000000004970000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000003.2066524597.0000000003FF5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: http://www.opera.com0
Source: emid.exe, 00000002.00000002.2906283888.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thedownloadplanet.com/termsofuse
Source: setup.exe.5.drString found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
Source: emid.exe, 00000002.00000002.2906283888.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advancedmanager.io/eula
Source: emid.exe, 00000002.00000002.2906283888.0000000000554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://advancedmanager.io/privacy-policy
Source: setup.exe, 00000006.00000002.2913936511.0000000004C26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg/
Source: setup.exe, 00000006.00000002.2913936511.0000000004C26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg/B
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://api.config.opr.gg/v0/config
Source: setup.exe, 00000006.00000002.2914515624.0000000038C30000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.0000000001450000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.000000000137B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2913936511.0000000004C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg/v0/config?utm_campaign=PWN_US_PB3_9393_DD_3661&utm_medium=pa&utm_source=PW
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://api.config.opr.gg/v0/configeditionutm_campaign=%s&utm_medium=%s&utm_source=%s&product=%s&cha
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://autoupdate.opera.com/
Source: setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.opera.com/K
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://autoupdate.opera.com/https://autoupdate.opera.com/me/OperaDesktopGXhttps://crashstats-collec
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000002.2914515624.0000000038C30000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.000000000137B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2907258045.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://autoupdate.opera.com/me/
Source: setup.exe, 00000006.00000002.2907258045.00000000013BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.opera.com/me/T
Source: setup.exe, 00000006.00000002.2907258045.000000000137B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.opera.com/me/s
Source: setup.exe, 00000006.00000002.2907258045.00000000013BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.opera.com/v5/netinstaller/gx/Stable/windows/x64
Source: setup.exe, 00000006.00000002.2907258045.000000000137B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.opera.com/v5/netinstaller/gx/Stable/windows/x64G
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://crashpad.chromium.org/
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.drString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: setup.exe, 0000000A.00000002.2911816651.000000002FAA4000.00000004.00001000.00020000.00000000.sdmp, setup.exe.5.drString found in binary or memory: https://crashstats-collector-2.opera.com/
Source: setup.exe, 00000007.00000002.2912238946.000000004CE14000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000007.00000002.2910805052.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000A.00000002.2910958650.000000002FA14000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 0000000A.00000002.2907262968.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--annotation=channel=Stable--annotation=plat=Win32--annotat
Source: setup.exe, 00000007.00000002.2913231232.000000004CEA4000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 0000000A.00000002.2911816651.000000002FAA4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--database=C:
Source: setup.exe, 00000007.00000002.2913231232.000000004CEA4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--initial-client-data=0x340
Source: setup.exe, 0000000A.00000002.2911816651.000000002FAA4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/--initial-client-data=0x364
Source: setup.exe, 0000000A.00000002.2911607901.000000002FA64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com//
Source: setup.exe, 00000007.00000002.2912908595.000000004CE64000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 0000000A.00000002.2911607901.000000002FA64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector-2.opera.com/32--url=https://crashstats-collector-2.opera.com/p
Source: setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/0
Source: setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/D
Source: setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/o
Source: setup.exe, 00000006.00000002.2907258045.000000000140B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.000000000137B000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.000000000141D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2913936511.0000000004C26000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: setup.exe, 00000006.00000002.2907258045.000000000141D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary/
Source: setup.exe, 00000006.00000002.2907258045.000000000140B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary0
Source: setup.exe, 00000006.00000002.2907258045.000000000137B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary:
Source: setup.exe, 00000006.00000002.2913936511.0000000004C26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryG
Source: setup.exe, 00000006.00000002.2913936511.0000000004C26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryQ
Source: setup.exe, 00000006.00000002.2907258045.00000000013D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarya
Source: setup.exe, 00000006.00000002.2907258045.000000000137B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binarys
Source: setup.exe, 00000006.00000002.2913936511.0000000004C26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/
Source: setup.exe, 00000006.00000002.2913936511.0000000004C26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/Z
Source: setup.exe, 00000006.00000002.2914951212.0000000038C8C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2914915135.0000000038C7C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.000000000141D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2916184454.0000000038D5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
Source: setup.exe, 00000006.00000002.2914915135.0000000038C7C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=10000https://autoupdate.opera.com/
Source: C:\Users\user\Desktop\m4JIZpBl3o.exe
Code function: 0_2_00405846 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

System Summary

Source: idman641build3.exe.2.dr
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\m4JIZpBl3o.exe
Code function: 0_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe
Code function: 2_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: String function: 00AE13D0 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: String function: 00AF9103 appears 91 times
Source: setup.exe.5.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: setup.exe.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: m4JIZpBl3o.exe, 00000000.00000002.2911197316.0000000002813000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameinetc.dllF vs m4JIZpBl3o.exe
Source: m4JIZpBl3o.exe, 00000000.00000002.2905729355.000000000040A000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameinetc.dllF vs m4JIZpBl3o.exe
Source: m4JIZpBl3o.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal45.winEXE@15/30@0/11
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 7_2_6B2EB3C0 FormatMessageW,LocalFree,GetLastError,7_2_6B2EB3C0
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403645
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_00404AF2 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AF2
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_004021AF CoCreateInstance,0_2_004021AF
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\emio[1].htm
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile created: C:\Users\user\AppData\Local\Temp\nsg5320.tmp
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: Title5_2_00ADEE57
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: BeginPrompt5_2_00ADEE57
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: Progress5_2_00ADEE57
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: yes5_2_00ADEE57
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: RunProgram5_2_00ADEE57
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: ExecuteFile5_2_00ADEE57
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: InstallPath5_2_00ADEE57
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCommand line argument: %%T5_2_00ADEE57
Source: m4JIZpBl3o.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: m4JIZpBl3o.exeVirustotal: Detection: 51%
Source: m4JIZpBl3o.exeReversingLabs: Detection: 44%
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile read: C:\Users\user\Desktop\m4JIZpBl3o.exe
Source: unknownProcess created: C:\Users\user\Desktop\m4JIZpBl3o.exe "C:\Users\user\Desktop\m4JIZpBl3o.exe"
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeProcess created: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe "C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exe"
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeProcess created: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exe "C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --silent --allusers=0 --server-tracking-blob=OGU5YWQzMDgzYzE4ZmRhMWYyZmY0YTM0OTcwYTA1YzA3ZGEzN2JkMjMzM2Y0ZDA2YzNhNWQxMWY1YzlkYjE5Njp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCM185MzkzX0REXzM2NjEmdXRtX2lkPWQwZDU0MGJhZWEwYTRiOTZhMzM0NDRiMWU2OTM5YjkzIiwidGltZXN0YW1wIjoiMTczODQyMjQxMS44NTI4IiwidXNlcmFnZW50IjoiSW5ub0Rvd25sb2FkUGx1Z2luLzEuNSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9VU19QQjNfOTM5M19ERF8zNjYxIiwiaWQiOiJkMGQ1NDBiYWVhMGE0Yjk2YTMzNDQ0YjFlNjkzOWI5MyIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImY5MDVkNTc0LWRkYzQtNGE2Yy1hNmI1LTRkYWY4OWZmNmFlNSJ9
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=116.0.5366.87 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6be22fbc,0x6be22fc8,0x6be22fd4
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe "C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3052 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250201114148" --session-guid=a4fb5db4-335e-4f23-8a42-1986c7d4c82a --server-tracking-blob="…" --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2006000000000000
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=116.0.5366.87 --initial-client-data=0x364,0x368,0x36c,0x32c,0x370,0x6aeb2fbc,0x6aeb2fc8,0x6aeb2fd4
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeAutomated click: Next >
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: m4JIZpBl3o.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: installer.exe.pdb source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054209943.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2905536977.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906068313.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000000.2062870724.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000008.00000002.2071042523.0000000000D28000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000008.00000000.2068101487.0000000000D28000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2905581204.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000000.2072215124.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 0000000A.00000002.2905534487.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 0000000A.00000000.2074980264.0000000000738000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.dr
Source: Binary string: installer_lib.dll.pdb source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.dr
Source: Binary string: installer_lib.dll.pdb@ source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000007.00000002.2906366701.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmp, setup.exe, 00000008.00000002.2071079447.0000000000D3A000.00000002.00000001.01000000.00000012.sdmp, setup.exe, 00000009.00000002.2908306666.0000000003670000.00000002.00000001.00040000.0000000E.sdmp, setup.exe, 00000009.00000000.2072254162.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmp, setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmp, setup.exe, 0000000A.00000002.2905629059.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe.5.dr
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_6E351BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6E351BFF
Source: m4JIZpBl3o.exeStatic PE information: real checksum: 0x0 should be: 0x21b5e
Source: OperaGXSetup[1].exe.2.drStatic PE information: real checksum: 0x3da428 should be: 0x3da78a
Source: inetc.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x1255d
Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x67cd
Source: INetC.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x69a0
Source: set_0.exe.2.drStatic PE information: real checksum: 0x3da428 should be: 0x3da78a
Source: nsDialogs.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x3e52
Source: Opera_installer_2502011506574613052.dll.6.drStatic PE information: section name: .rodata
Source: Opera_installer_2502011506574613052.dll.6.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2502011506574613052.dll.6.drStatic PE information: section name: malloc_h
Source: Opera_installer_2502011506583934948.dll.7.drStatic PE information: section name: .rodata
Source: Opera_installer_2502011506583934948.dll.7.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2502011506583934948.dll.7.drStatic PE information: section name: malloc_h
Source: Opera_installer_2502011506588375828.dll.8.drStatic PE information: section name: .rodata
Source: Opera_installer_2502011506588375828.dll.8.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2502011506588375828.dll.8.drStatic PE information: section name: malloc_h
Source: Opera_installer_2502011506592413608.dll.9.drStatic PE information: section name: .rodata
Source: Opera_installer_2502011506592413608.dll.9.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2502011506592413608.dll.9.drStatic PE information: section name: malloc_h
Source: Opera_installer_2502011506595243412.dll.10.drStatic PE information: section name: .rodata
Source: Opera_installer_2502011506595243412.dll.10.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2502011506595243412.dll.10.drStatic PE information: section name: malloc_h
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_6E3530DF push eax; ret 0_2_6E3530EE
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AF90E0 push ecx; ret 5_2_00AF90F3
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AF96C8 push ecx; ret 5_2_00AF96DD
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 6_2_6BC8950B push ecx; ret 6_2_6BC8951E
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 7_2_6B40950B push ecx; ret 7_2_6B40951E
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 9_2_6AD1950B push ecx; ret 9_2_6AD1951E
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 10_2_6A62950B push ecx; ret 10_2_6A62951E
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506592413608.dllJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile created: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506583934948.dllJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile created: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_116.0.5366.87_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile created: C:\idman641build3.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile created: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\OperaGXSetup[1].exeJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile created: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\INetC.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202502011141481\opera_packageJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile created: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\setup_8515214[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506574613052.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506588375828.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile created: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506595243412.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20250201114148364.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20250201114149496.logJump to behavior
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 7_2_6B3783C0 rdtsc 7_2_6B3783C0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506592413608.dllJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506583934948.dllJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Opera_GX_116.0.5366.87_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeDropped PE file which has not been started: C:\idman641build3.exeJump to dropped file
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\INetC.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202502011141481\opera_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506574613052.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506588375828.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2502011506595243412.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_6-16428
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeAPI coverage: 8.1 %
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\7zSC71C35F9 FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_004069DF FindFirstFileW,FindClose,0_2_004069DF
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D8E
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_00402910 FindFirstFileW,0_2_00402910
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeCode function: 2_2_00405E61 FindFirstFileA,FindClose,2_2_00405E61
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeCode function: 2_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_0040548B
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeCode function: 2_2_0040263E FindFirstFileA,2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AC8D20 FindFirstFileW,5_2_00AC8D20
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00ACA419 GetSystemInfo,5_2_00ACA419
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRHJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeFile opened: C:\Users\user\Jump to behavior
Source: m4JIZpBl3o.exe, 00000000.00000002.2907282561.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000003.1766652059.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, m4JIZpBl3o.exe, 00000000.00000002.2907282561.00000000006D8000.00000004.00000020.00020000.00000000.sdmp, emid.exe, 00000002.00000002.2906283888.00000000005D9000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000002.2907258045.000000000141D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: emid.exe, 00000002.00000002.2906283888.0000000000586000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: setup.exe, 00000006.00000002.2907258045.00000000013BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWxNB
Source: m4JIZpBl3o.exe, 00000000.00000002.2907282561.000000000069D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpzn%SystemRoot%\system32\mswsock.dll
Source: Opera_GX_116.0.5366.87_Autoupdate_x64[1].exe.6.drBinary or memory string: qemUheU
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeAPI call chain: ExitProcess graph end nodegraph_0-4941
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeAPI call chain: ExitProcess graph end nodegraph_0-4946
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeAPI call chain: ExitProcess graph end nodegraph_2-3561
Source: C:\Users\user\AppData\Local\Temp\nsb5351.tmp\emid.exeAPI call chain: ExitProcess graph end nodegraph_2-3559
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 7_2_6B3783C0 rdtsc 7_2_6B3783C0
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AE67CB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00AE67CB
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_6E351BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6E351BFF
Source: C:\Users\user\Desktop\m4JIZpBl3o.exeCode function: 0_2_6E541407 CallWindowProcW,DestroyWindow,GetProcessHeap,HeapFree,0_2_6E541407
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AE67CB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00AE67CB
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AE0D2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00AE0D2C
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AE162A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00AE162A
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AE17B7 SetUnhandledExceptionFilter,5_2_00AE17B7
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 6_2_6BC9B904 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_6BC9B904
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 6_2_6BC88DC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_6BC88DC8
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 7_2_6B41B904 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_6B41B904
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 7_2_6B408DC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6B408DC8
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 9_2_6AD2B904 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_6AD2B904
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 9_2_6AD18DC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_6AD18DC8
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 10_2_6A63B904 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6A63B904
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: 10_2_6A628DC8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_6A628DC8
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=116.0.5366.87 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6be22fbc,0x6be22fc8,0x6be22fd4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe "C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3052 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250201114148" --session-guid=a4fb5db4-335e-4f23-8a42-1986c7d4c82a --server-tracking-blob="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 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2006000000000000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=116.0.5366.87 --initial-client-data=0x364,0x368,0x36c,0x32c,0x370,0x6aeb2fbc,0x6aeb2fc8,0x6aeb2fd4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe c:\users\user\appdata\local\temp\7zsc71c35f9\setup.exe --silent --allusers=0 --server-tracking-blob=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
Source: setup.exe, 00000007.00000002.2914369029.000000006B4FE000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: )kCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: setup.exe, 00000006.00000002.2917596278.000000006BD7E000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: kCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: set_0.exe, 00000005.00000003.2049817524.0000000003B95000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000006.00000000.2054241268.000000000074A000.00000002.00000001.01000000.0000000E.sdmp, setup.exe, 00000006.00000002.2909213209.0000000003420000.00000002.00000001.00040000.0000000E.sdmpBinary or memory string: Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: setup.exe, 00000009.00000002.2914057346.000000006AE0E000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: jCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: setup.exe, 0000000A.00000002.2913167369.000000006A71E000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: KjCannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: 5_2_00AE144A cpuid 5_2_00AE144A
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: GetLocaleInfoEx,FormatMessageA,5_2_00AE239E
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: EnumSystemLocalesW,5_2_00AECA14
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: GetLocaleInfoW,5_2_00AECF23
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: EnumSystemLocalesW,5_2_00AF33C3
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: EnumSystemLocalesW,5_2_00AF33C1
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: EnumSystemLocalesW,5_2_00AF34A9
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: EnumSystemLocalesW,5_2_00AF340E
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_00AF3534
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: GetLocaleInfoW,5_2_00AF3787
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_00AF38B0
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: GetLocaleInfoW,5_2_00AF39B6
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_00AF3A8C
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_6BCACAE0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,6_2_6BCA8A5C
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,6_2_6BCACA38
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,6_2_6BCAD06D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_6BCAC7E7
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,6_2_6BCA8F9D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_6BCACF67
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,6_2_6BCACEC0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,6_2_6BCACE75
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,6_2_6BCACDA0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,6_2_6BCACD33
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,7_2_6B428A5C
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,7_2_6B42CA38
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_6B42CAE0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,7_2_6B42D06D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_6B42CF67
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_6B42C7E7
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,7_2_6B428F9D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,7_2_6B42CE75
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,7_2_6B42CEC0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,7_2_6B42CD33
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,7_2_6B42CDA0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,9_2_6AD3CAE0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,9_2_6AD38A5C
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,9_2_6AD3CA38
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,9_2_6AD3D06D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: GetLocaleInfoW,9_2_6AD3CEC0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exeCode function: EnumSystemLocalesW,9_2_6AD3CE75
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_6AD3C7E7
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: EnumSystemLocalesW,9_2_6AD38F9D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_6AD3CF67
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,9_2_6AD3CDA0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: EnumSystemLocalesW,9_2_6AD3CD33
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,10_2_6A648A5C
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: EnumSystemLocalesW,10_2_6A64CA38
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,10_2_6A64CAE0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,10_2_6A64D06D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: EnumSystemLocalesW,10_2_6A64CE75
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,10_2_6A64CEC0
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,10_2_6A64CF67
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,10_2_6A64C7E7
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: EnumSystemLocalesW,10_2_6A648F9D
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: EnumSystemLocalesW,10_2_6A64CD33
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: GetLocaleInfoW,10_2_6A64CDA0
Source: C:\Users\user\AppData\Local\Temp\nspCEF9.tmp\set_0.exe Code function: 5_2_00AE1821 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_00AE1821
Source: C:\Users\user\AppData\Local\Temp\7zSC71C35F9\setup.exe Code function: 6_2_6BC9F98C GetTimeZoneInformation,6_2_6BC9F98C
Source: C:\Users\user\Desktop\m4JIZpBl3o.exe Code function: 0_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403645

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 12 Process Injection | 1 Access Token Manipulation | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Clipboard Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 31 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 26 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
[Behavior graph: ID 1604498, Sample: m4JIZpBl3o.exe, Startdate: 01/02/2025, Architecture: WINDOWS, Score: 45. Process chain shown: m4JIZpBl3o.exe started emid.exe, which started set_0.exe, which started setup.exe and its child setup.exe processes.]

This section contains all screenshots as thumbnails, including those not shown in the slideshow.