File name: OperaGXSetup.exe
Full analysis: https://app.any.run/tasks/2bbafc0d-7c69-4c20-a2f2-c5961ebae928
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: August 19, 2024, 15:38:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: stealer, crypto-regex
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 33E72CB0CB78FF80940554E3CB0F7B8E
SHA1: 397C56C949FAF980C6486C0807C9541EC72F43F2
SHA256: 0F98DDFE7D2CBA02DF1741E97CAB052FED5248EEC0DDCE33C8D2879B6D5BBF6A
SSDEEP: 98304:ywyWSeMgtFcVXflfLg2z85cwLUCqfDe+gk/jlxQElzyp2nS/AolvEOepMUyJWN/Y:ybFFPHrAT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • opera.exe (PID: 6832)
    • Actions look like stealing of personal data

      • opera.exe (PID: 6832)
    • Steals credentials from Web Browsers

      • opera.exe (PID: 6832)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • OperaGXSetup.exe (PID: 6952)
      • setup.exe (PID: 7008)
      • setup.exe (PID: 6984)
      • setup.exe (PID: 6284)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 6428)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6268)
      • installer.exe (PID: 6972)
      • installer.exe (PID: 1640)
      • installer.exe (PID: 8116)
      • installer.exe (PID: 8140)
      • opera_autoupdate.exe (PID: 7576)
      • installer.exe (PID: 7456)
      • opera.exe (PID: 2088)
      • opera.exe (PID: 6384)
    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 6952)
      • setup.exe (PID: 6984)
      • setup.exe (PID: 7008)
      • setup.exe (PID: 6284)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 6428)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6268)
      • installer.exe (PID: 1640)
      • installer.exe (PID: 6972)
      • installer.exe (PID: 8116)
      • installer.exe (PID: 8140)
      • opera_autoupdate.exe (PID: 7576)
      • installer.exe (PID: 7456)
      • opera.exe (PID: 2088)
      • opera.exe (PID: 6384)
    • Application launched itself

      • setup.exe (PID: 6984)
      • setup.exe (PID: 6284)
      • assistant_installer.exe (PID: 6304)
      • installer.exe (PID: 6972)
      • opera.exe (PID: 6832)
      • installer.exe (PID: 8116)
      • opera_autoupdate.exe (PID: 7812)
      • opera_autoupdate.exe (PID: 7576)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6984)
      • installer.exe (PID: 6972)
    • Starts itself from another location

      • setup.exe (PID: 6984)
    • Checks Windows Trust Settings

      • setup.exe (PID: 6984)
    • Searches for installed software

      • installer.exe (PID: 6972)
    • Creates a software uninstall entry

      • installer.exe (PID: 6972)
    • Reads the date of Windows installation

      • installer.exe (PID: 6972)
      • opera.exe (PID: 6832)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 6832)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 7576)
    • Connects to unusual port

      • opera.exe (PID: 6736)
    • Found regular expressions for crypto-addresses (YARA)

      • opera.exe (PID: 6736)
      • opera.exe (PID: 6832)
      • opera.exe (PID: 6792)
  • INFO

    • Creates files in a temporary directory

      • OperaGXSetup.exe (PID: 6952)
      • setup.exe (PID: 6984)
      • setup.exe (PID: 7008)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 6284)
      • setup.exe (PID: 6428)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6268)
      • installer.exe (PID: 6972)
      • installer.exe (PID: 1640)
      • opera.exe (PID: 6832)
      • installer.exe (PID: 8116)
      • installer.exe (PID: 8140)
      • opera_autoupdate.exe (PID: 7576)
      • installer.exe (PID: 7456)
    • Checks supported languages

      • OperaGXSetup.exe (PID: 6952)
      • setup.exe (PID: 7008)
      • setup.exe (PID: 7088)
      • setup.exe (PID: 6984)
      • setup.exe (PID: 6284)
      • setup.exe (PID: 6428)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6268)
      • assistant_installer.exe (PID: 6304)
      • assistant_installer.exe (PID: 1928)
      • installer.exe (PID: 6972)
      • installer.exe (PID: 1640)
      • opera.exe (PID: 6832)
      • opera_crashreporter.exe (PID: 3448)
      • opera.exe (PID: 6792)
      • opera.exe (PID: 6736)
      • opera.exe (PID: 4248)
      • opera.exe (PID: 1480)
      • opera.exe (PID: 5276)
      • opera.exe (PID: 6400)
      • opera.exe (PID: 7144)
      • opera.exe (PID: 5264)
      • opera_gx_splash.exe (PID: 5904)
      • opera.exe (PID: 6408)
      • opera.exe (PID: 6168)
      • opera.exe (PID: 6448)
      • opera.exe (PID: 4404)
      • opera.exe (PID: 2212)
      • opera.exe (PID: 2092)
      • opera.exe (PID: 6344)
      • opera.exe (PID: 3140)
      • opera.exe (PID: 3980)
      • opera.exe (PID: 2068)
      • opera.exe (PID: 3992)
      • opera.exe (PID: 1848)
      • opera.exe (PID: 2204)
      • opera.exe (PID: 1356)
      • opera.exe (PID: 6108)
      • opera.exe (PID: 6888)
      • opera.exe (PID: 6784)
      • opera.exe (PID: 1084)
      • opera.exe (PID: 5556)
      • opera.exe (PID: 5248)
      • opera.exe (PID: 5532)
      • opera.exe (PID: 5516)
      • opera.exe (PID: 6368)
      • opera.exe (PID: 7068)
      • opera.exe (PID: 7184)
      • opera.exe (PID: 7076)
      • opera.exe (PID: 6392)
      • opera.exe (PID: 6632)
      • opera.exe (PID: 6356)
      • opera.exe (PID: 6848)
      • opera.exe (PID: 7192)
      • opera.exe (PID: 7200)
      • opera.exe (PID: 7176)
      • opera.exe (PID: 7220)
      • opera.exe (PID: 4772)
      • opera.exe (PID: 7212)
      • opera.exe (PID: 6332)
      • opera.exe (PID: 2388)
      • opera.exe (PID: 7960)
      • installer.exe (PID: 8140)
      • opera.exe (PID: 7404)
      • opera.exe (PID: 7308)
      • installer.exe (PID: 8116)
      • opera_autoupdate.exe (PID: 7812)
      • opera_autoupdate.exe (PID: 7188)
      • opera_autoupdate.exe (PID: 7576)
      • opera.exe (PID: 7120)
      • opera_autoupdate.exe (PID: 8004)
      • opera.exe (PID: 6788)
      • opera.exe (PID: 7612)
      • opera.exe (PID: 7460)
      • opera.exe (PID: 6368)
      • opera.exe (PID: 2092)
      • opera.exe (PID: 7928)
      • opera.exe (PID: 7900)
      • opera.exe (PID: 7612)
      • opera.exe (PID: 7084)
      • opera.exe (PID: 6344)
      • opera.exe (PID: 7492)
      • opera.exe (PID: 7804)
      • opera.exe (PID: 7468)
      • opera.exe (PID: 6848)
      • opera.exe (PID: 7332)
      • opera.exe (PID: 6328)
      • opera.exe (PID: 4316)
      • opera.exe (PID: 3660)
      • opera.exe (PID: 6224)
      • opera.exe (PID: 7540)
      • opera.exe (PID: 7216)
      • opera.exe (PID: 6576)
      • opera.exe (PID: 6652)
      • opera.exe (PID: 6692)
      • opera.exe (PID: 8120)
      • installer.exe (PID: 7456)
      • opera.exe (PID: 8132)
      • opera.exe (PID: 2616)
      • opera.exe (PID: 2088)
      • opera.exe (PID: 8152)
      • opera.exe (PID: 8048)
      • opera.exe (PID: 6384)
      • opera.exe (PID: 7596)
      • opera.exe (PID: 6424)
    • Reads the computer name

      • setup.exe (PID: 6984)
      • setup.exe (PID: 6284)
      • assistant_installer.exe (PID: 6304)
      • installer.exe (PID: 6972)
      • opera.exe (PID: 6832)
      • opera.exe (PID: 6792)
      • opera.exe (PID: 6736)
      • opera_gx_splash.exe (PID: 5904)
      • opera.exe (PID: 2068)
      • opera.exe (PID: 2204)
      • installer.exe (PID: 8116)
      • opera_autoupdate.exe (PID: 7812)
      • opera_autoupdate.exe (PID: 7576)
      • opera.exe (PID: 8152)
    • Checks proxy server information

      • setup.exe (PID: 6984)
      • opera.exe (PID: 6832)
      • opera_autoupdate.exe (PID: 7812)
      • opera_autoupdate.exe (PID: 7576)
    • Creates files or folders in the user directory

      • setup.exe (PID: 7008)
      • setup.exe (PID: 6984)
      • setup.exe (PID: 6284)
      • installer.exe (PID: 6972)
      • opera.exe (PID: 6832)
      • opera.exe (PID: 6736)
      • opera_autoupdate.exe (PID: 7576)
      • opera.exe (PID: 8152)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6984)
      • opera.exe (PID: 6832)
      • opera_autoupdate.exe (PID: 7812)
      • opera_autoupdate.exe (PID: 7188)
      • opera_autoupdate.exe (PID: 7576)
      • opera_autoupdate.exe (PID: 8004)
      • opera.exe (PID: 8152)
    • Reads the software policy settings

      • setup.exe (PID: 6984)
    • Process checks computer location settings

      • opera.exe (PID: 6832)
      • opera.exe (PID: 6168)
      • opera.exe (PID: 6448)
      • opera.exe (PID: 6408)
      • opera.exe (PID: 4404)
      • opera.exe (PID: 3980)
      • opera.exe (PID: 6108)
      • opera.exe (PID: 6784)
      • opera.exe (PID: 1848)
      • opera.exe (PID: 3992)
      • opera.exe (PID: 6888)
      • opera.exe (PID: 1084)
      • opera.exe (PID: 6332)
      • opera.exe (PID: 7200)
      • opera.exe (PID: 5264)
      • opera.exe (PID: 7120)
      • opera.exe (PID: 7612)
      • opera.exe (PID: 7332)
      • opera.exe (PID: 7804)
      • opera.exe (PID: 6424)
      • opera.exe (PID: 8132)
    • Reads CPU info

      • opera.exe (PID: 6832)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 112.0.5197.74
ProductVersionNumber: 112.0.5197.74
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 112.0.5197.74
ProductVersion: 112.0.5197.74
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2024
Productname: Opera installer
Stream: Stable
No data.
All screenshots are available in the full report
Total processes: 234
Monitored processes: 106
Malicious processes: 7
Suspicious processes: 2

Behavior graph

Interactive process graph not reproduced here (click a process in the full report for details); the chain starts at operagxsetup.exe and covers setup.exe, opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe, assistant_installer.exe, installer.exe, UIAutomationCrossBitnessHook32 Class, opera.exe (several instances flagged THREAT), opera_crashreporter.exe, opera_gx_splash.exe, comppkgsrv.exe and opera_autoupdate.exe.

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 1084
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7340,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7352 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1356
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8412,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8432 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 1480
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=2376,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 1640
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\112.0.5197.74\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.74 --initial-client-data=0x2a0,0x2a4,0x2a8,0x280,0x2ac,0x7fffd2e5ee10,0x7fffd2e5ee1c,0x7fffd2e5ee28
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\112.0.5197.74\installer.exe
Parent process: installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Exit code:
0
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1848
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6608,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1928
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408191538271\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2c8,0xce4f48,0xce4f58,0xce4f64
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408191538271\assistant\assistant_installer.exe
Parent process: assistant_installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Browser Assistant Installer
Exit code:
0
Version:
73.0.3856.382
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\opera_package_202408191538271\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2068
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=1568,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 2088
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=5760,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8596 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 2092
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Razer --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=5028,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 2092
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:gx-wallpaper-takeover-2-animation=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8472,i,9884013788070618427,8933605151442457995,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8240 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.74
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.74\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
Total events
29 357
Read events
28 356
Write events
985
Delete events
16

Modification events

PID | Process | Operation | Key | Name | Value
6984 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | (empty)
6984 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
6984 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
6984 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
6984 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
6984 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
6984 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
6284 | setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Opera Software | Last Opera GX Stable Install Path | C:\Users\admin\AppData\Local\Programs\Opera GX\
6972 | installer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Opera Software | Last Opera GX Stable Install Path | C:\Users\admin\AppData\Local\Programs\Opera GX\
6972 | installer.exe | write | HKEY_CLASSES_ROOT\Opera GXStable | FriendlyTypeName | Opera GX Web Document
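The registry writes listed above are the ones a responder has to sort by hand: which of them touch an autorun location, which change the Internet Explorer / WinINet zone policy (the four ZoneMap values), and which are ordinary vendor or file-association housekeeping. The script below is an added example written for this page, not ANY.RUN's or Opera's code. Its input is the ten events transcribed from the list above; the single Run-key event is a hypothetical extra added only to show the persistence rule firing, and the option labels attached to the ZoneMap values are my reading of those value names against the Local intranet dialog in Internet Options, stated here as an assumption.

```python
import re
from collections import Counter

# Registry write events transcribed from the report's "Modification events" list,
# as (pid, process, operation, key, value_name, data).
EVENTS = [
    (6984, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content", "CachePrefix", ""),
    (6984, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies", "CachePrefix", "Cookie:"),
    (6984, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History", "CachePrefix", "Visited:"),
    (6984, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap", "ProxyBypass", "1"),
    (6984, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap", "IntranetName", "1"),
    (6984, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap", "UNCAsIntranet", "1"),
    (6984, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap", "AutoDetect", "0"),
    (6284, "setup.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Opera Software", "Last Opera GX Stable Install Path", "C:\\Users\\admin\\AppData\\Local\\Programs\\Opera GX\\"),
    (6972, "installer.exe", "write", r"HKEY_CURRENT_USER\SOFTWARE\Opera Software", "Last Opera GX Stable Install Path", "C:\\Users\\admin\\AppData\\Local\\Programs\\Opera GX\\"),
    (6972, "installer.exe", "write", r"HKEY_CLASSES_ROOT\Opera GXStable", "FriendlyTypeName", "Opera GX Web Document"),
]

# Hypothetical event, NOT from the report: used only to show the persistence rule firing.
HYPOTHETICAL_RUN_KEY_WRITE = (
    9999, "example.exe", "write",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "Updater", r"C:\Users\admin\AppData\Roaming\updater.exe",
)

# Ordered watchlist over the key path; the first matching rule names the category.
RULES = [
    ("persistence", re.compile(r"\\(CurrentVersion\\(Run|RunOnce|RunServices|Winlogon)|Policies\\Explorer\\Run)$", re.I)),
    ("ie-zone-policy", re.compile(r"\\Internet Settings\\ZoneMap$", re.I)),
    ("ie-cache", re.compile(r"\\Internet Settings\\5\.0\\Cache\\", re.I)),
    ("file-association", re.compile(r"^HKEY_CLASSES_ROOT\\", re.I)),
]

# Assumption: option each ZoneMap value corresponds to in Internet Options > Security >
# Local intranet > Sites (1 = option enabled, 0 = disabled).
ZONEMAP_LABELS = {
    "AutoDetect": "Automatically detect intranet network",
    "IntranetName": "Include all local (intranet) sites not listed in other zones",
    "ProxyBypass": "Include all sites that bypass the proxy server",
    "UNCAsIntranet": "Include all network paths (UNCs)",
}


def classify(key):
    """Category of a registry key path according to RULES, or 'other'."""
    for category, pattern in RULES:
        if pattern.search(key):
            return category
    return "other"


def triage(events):
    """Annotate every event with its category."""
    return [
        {"pid": pid, "process": proc, "op": op, "key": key, "name": name,
         "data": data, "category": classify(key)}
        for pid, proc, op, key, name, data in events
    ]


def persistence_writes(events):
    """The rows to read first: writes to autorun locations."""
    return [row for row in triage(events) if row["category"] == "persistence"]


def zonemap_settings(events):
    """ZoneMap values written, each paired with the option it controls."""
    return {
        name: (data, ZONEMAP_LABELS.get(name, "?"))
        for _, _, _, key, name, data in events
        if classify(key) == "ie-zone-policy"
    }


def summary(events):
    """Count of events per category."""
    return Counter(row["category"] for row in triage(events))


if __name__ == "__main__":
    print(dict(summary(EVENTS)))
    for name, (data, label) in zonemap_settings(EVENTS).items():
        print(f"{name}={data}  ({label})")
    print(persistence_writes(EVENTS + [HYPOTHETICAL_RUN_KEY_WRITE]))
```

Run against the report's events, none of the ten writes lands in an autorun location; the four ZoneMap writes set the three "include" options on and turn automatic intranet detection off, which is the combination to compare against the machine's pre-install state when this installer runs on a real host. The same watchlist is reusable for any other report in this format by replacing the EVENTS list.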
Executable files
29
Suspicious files
861
Text files
455
Unknown types
212

Dropped files

PID | Process | Filename | Type
6952 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\7zS82BE0881\setup.exe | executable
  MD5: 24CEB5521EC9DAF20512EECDB1695958
  SHA256: 9B400311B1B05422BE39C6AA1410534EDB32CF46DA21348364CBCDE7E8167AD8
7088 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2408191538273827088.dll | executable
  MD5: 7916599E12EE8885E6A27D0D4573439F
  SHA256: 3D3E546FBCD332E4A3BDADB2933A705BBC39E7A0C2F1E012A5269742A612AFE2
6984 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\Opera_GX_112.0.5197.74_Autoupdate_x64[1].exe
  MD5:
  SHA256:
6984 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408191538271\opera_package
  MD5:
  SHA256:
6984 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | der
  MD5: 29D09E7393544D920237159477947802
  SHA256: 345359FCEB27B419F3877A6739636E9D248899281F3DC46445FB2DDE6201CDDF
7008 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2408191538269137008.dll | executable
  MD5: 7916599E12EE8885E6A27D0D4573439F
  SHA256: 3D3E546FBCD332E4A3BDADB2933A705BBC39E7A0C2F1E012A5269742A612AFE2
6984 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8 | binary
  MD5: 33DA06D02B4A6C4C6FF5BD5EC8EF5F88
  SHA256: 2C0BADCCFE6796B9AA1076FCB1938CB14B47195ACCA948556CCA9FD39E9F133E
6984 | setup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat | binary
  MD5: A0A420E4D5411261FADA03FDC5CC14FE
  SHA256: 828E084C4ACF4D416898BA0885BDD0C11DCE8AAD124A43C49933041E2C2ED6E3
6984 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary
  MD5: 83ABEE51DB78FFD7F994FCFDBCDDABAA
  SHA256: 70A262EF80BE3CF2AC94945CBF912561DB79DDE8B3FACC9CA3EEF646AA633086
6984 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | executable
  MD5: 24CEB5521EC9DAF20512EECDB1695958
  SHA256: 9B400311B1B05422BE39C6AA1410534EDB32CF46DA21348364CBCDE7E8167AD8
HTTP(S) requests
40
TCP/UDP connections
161
DNS requests
147
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6984 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
6984 | setup.exe | GET | 200 | 142.250.186.35:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
6984 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfyOr5A1UWlCmQhXhy%2Bwwk%3D | unknown | whitelisted
6984 | setup.exe | GET | 200 | 142.250.186.35:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
6984 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D | unknown | whitelisted
6984 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | whitelisted
4708 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6812 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
6984 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
6984 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | whitelisted
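The ocsp.digicert.com requests above are OCSP over HTTP GET (RFC 6960): the URL path is a percent-encoded, base64-encoded DER OCSPRequest, so the serial number of the certificate being checked and the SHA-1 hashes that identify its issuer can be recovered offline from the report alone, without the PCAP. The decoder below is an added example written for this page, not ANY.RUN's, Opera's or DigiCert's code. It uses only the Python standard library, takes four of the URLs from the table above as its input, and makes no claim about which CA the recovered issuer hashes belong to; matching them to a certificate is a separate step.

```python
import base64
from urllib.parse import unquote, urlparse

# Four of the OCSP GET URLs recorded in the report's HTTP request table
# (issued by setup.exe, svchost.exe and backgroundTaskHost.exe).
OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D",
]

# Hash algorithm OIDs seen in CertID.hashAlgorithm in practice.
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, child, pos = read_tlv(value, pos)
        out.append((tag, child))
    return out


def decode_oid(value):
    """Decode a DER OBJECT IDENTIFIER body into dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Return one dict per CertID in the OCSPRequest carried by an OCSP GET URL.

    OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] OPTIONAL }
    TBSRequest  ::= SEQUENCE { version [0] OPT, requestorName [1] OPT,
                               requestList SEQUENCE OF Request, requestExtensions [2] OPT }
    Request     ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] OPT }
    CertID      ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
    """
    der = base64.b64decode(unquote(urlparse(url).path.lstrip("/")))
    tag, ocsp_request, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSP GET path does not decode to a DER SEQUENCE")
    tbs_request = children(ocsp_request)[0][1]
    # Skip the optional context-tagged [0]/[1] members; requestList is the SEQUENCE (0x30).
    request_list = next(v for t, v in children(tbs_request) if t == 0x30)
    results = []
    for _, request in children(request_list):
        alg, name_hash, key_hash, serial = children(children(request)[0][1])
        oid = decode_oid(children(alg[1])[0][1])
        results.append({
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial": serial[1].hex(),  # raw INTEGER bytes, as certificate tools print them
        })
    return results


def serials_by_issuer(urls):
    """Group the serials queried across many URLs by (hash_alg, issuer_key_hash)."""
    groups = {}
    for url in urls:
        for r in parse_ocsp_get(url):
            groups.setdefault((r["hash_alg"], r["issuer_key_hash"]), []).append(r["serial"])
    return groups


if __name__ == "__main__":
    for (alg, key_hash), serials in serials_by_issuer(OCSP_URLS).items():
        print(f"{alg} issuerKeyHash={key_hash}")
        for s in serials:
            print(f"    serial={s}")
```

Grouping by issuer key hash shows the four requests cover two issuers with two serials each, which is what you would expect when a signed installer and its payload chain through the same code-signing CA. To close the loop on a real case, compare the recovered serials with the serial printed by `openssl x509 -noout -serial` (or certutil on Windows) for the Authenticode certificate on the dropped setup.exe.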

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4876 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3840 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
- | - | 192.168.100.255:138 | - | - | - | whitelisted
6984 | setup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | unknown
6984 | setup.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
6984 | setup.exe | 82.145.216.20:443 | autoupdate.geo.opera.com | Opera Software AS | NO | unknown
6984 | setup.exe | 82.145.216.15:443 | features.opera-api2.com | Opera Software AS | NO | malicious
6984 | setup.exe | 104.18.24.17:443 | api.config.opr.gg | CLOUDFLARENET | unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.206
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
autoupdate.geo.opera.com
  • 82.145.216.20
  • 82.145.216.19
whitelisted
features.opera-api2.com
  • 82.145.216.15
  • 82.145.216.16
malicious
api.config.opr.gg
  • 104.18.24.17
  • 104.18.25.17
unknown
c.pki.goog
  • 142.250.186.35
whitelisted
download.opera.com
  • 185.26.182.117
  • 185.26.182.122
whitelisted
download3.operacdn.com
  • 23.53.42.195
  • 23.53.42.122
  • 2.23.209.3
  • 2.23.209.50
whitelisted

Threats

No threats detected
Process | Message
assistant_installer.exe | [0819/153951.975:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408191538271\assistant\assistant_installer.exe" --version