Malware activity

I got tricked to download a malware, which apparently stole the content of my opera passwords safe. Now I need to know if they had a chance to read from RAM all the passwords or only those used during the unlucky session.
The same question about crypto wallets from the browser: did the memory contain/expose just the security content of unlocked wallets or all of them? Could it expose my password to the browser extension or secret data of the crypto accounts directly? (like seed phrase, perhaps)

@leocg Yes, something like a web.

Have you created a new (blue-white) icon on the starting page, in the center above the search bar? Or is it malicious? Today I noticed something looking like a white-lined project of a drop with sparkles around...