File name: OperaGXSetup(1).exe

Full analysis: https://app.any.run/tasks/5063dacf-3afa-43cb-bbd1-f9254a66dc32
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: July 08, 2025, 21:31:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: opera, tool, stealer
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 975BCA5011C7903DFB0748117DD3D6A5
SHA1: 96A1E7078794EBE89A575CEDE18869752AEB2B23
SHA256: 1355EDA8AB4F5142A5F2A7A4A3644C21C73F17C0F3CA942E9AA20442EA905E72
SSDEEP: 98304:EwyWSeMgtGxIvYAh71sJ40iKtQnCptp0KBH3lxVmBBln8EB9PU+WHdSx/IC8Kxlj:E5AgURRiy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • opera.exe (PID: 6368)
    • Actions looks like stealing of personal data

      • opera.exe (PID: 6368)
    • Steals credentials from Web Browsers

      • opera.exe (PID: 6368)
  • SUSPICIOUS

    • Application launched itself

      • setup.exe (PID: 6808)
      • setup.exe (PID: 2032)
      • assistant_installer.exe (PID: 4528)
      • installer.exe (PID: 6220)
      • opera.exe (PID: 6368)
      • opera_autoupdate.exe (PID: 7280)
      • installer.exe (PID: 4968)
      • opera_autoupdate.exe (PID: 7972)
    • Executable content was dropped or overwritten

      • setup.exe (PID: 1044)
      • OperaGXSetup(1).exe (PID: 2972)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 4648)
      • setup.exe (PID: 2120)
      • setup.exe (PID: 2032)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 3948)
      • installer.exe (PID: 6220)
      • installer.exe (PID: 6548)
      • installer.exe (PID: 4968)
      • installer.exe (PID: 8264)
      • opera_autoupdate.exe (PID: 7972)
      • installer.exe (PID: 9168)
    • Starts itself from another location

      • setup.exe (PID: 6808)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6808)
      • installer.exe (PID: 6220)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 6808)
      • setup.exe (PID: 1044)
    • Creates a software uninstall entry

      • installer.exe (PID: 6220)
    • Searches for installed software

      • installer.exe (PID: 6220)
    • Reads the date of Windows installation

      • installer.exe (PID: 6220)
      • opera.exe (PID: 6368)
    • The process checks if it is being run in the virtual environment

      • opera.exe (PID: 6368)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 7972)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 6368)
  • INFO

    • Checks supported languages

      • OperaGXSetup(1).exe (PID: 2972)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 1044)
      • setup.exe (PID: 4648)
      • setup.exe (PID: 2120)
      • installer.exe (PID: 6220)
      • assistant_installer.exe (PID: 4528)
      • installer.exe (PID: 6548)
      • opera.exe (PID: 6368)
      • opera_crashreporter.exe (PID: 6512)
      • opera.exe (PID: 3944)
      • opera.exe (PID: 6552)
      • setup.exe (PID: 2032)
      • opera.exe (PID: 6400)
      • opera.exe (PID: 6704)
      • opera.exe (PID: 2508)
      • opera.exe (PID: 5644)
      • opera.exe (PID: 5768)
      • opera.exe (PID: 7032)
      • opera_gx_splash.exe (PID: 7316)
      • opera.exe (PID: 7612)
      • opera.exe (PID: 7712)
      • opera.exe (PID: 7824)
      • opera.exe (PID: 6148)
      • opera.exe (PID: 7628)
      • opera.exe (PID: 7744)
      • opera.exe (PID: 7848)
      • opera.exe (PID: 7812)
      • opera.exe (PID: 7840)
      • opera.exe (PID: 7756)
      • assistant_installer.exe (PID: 6812)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 3948)
      • opera.exe (PID: 7944)
      • opera.exe (PID: 2804)
      • opera.exe (PID: 8140)
      • opera.exe (PID: 8044)
      • opera.exe (PID: 7980)
      • opera.exe (PID: 7076)
      • opera.exe (PID: 6524)
      • opera.exe (PID: 7536)
      • opera.exe (PID: 7320)
      • opera.exe (PID: 1212)
      • opera.exe (PID: 7508)
      • opera.exe (PID: 5780)
      • opera.exe (PID: 6720)
      • opera.exe (PID: 4088)
      • opera.exe (PID: 2696)
      • opera.exe (PID: 2848)
      • opera.exe (PID: 2464)
      • opera_autoupdate.exe (PID: 7280)
      • opera_autoupdate.exe (PID: 7296)
      • opera.exe (PID: 7324)
      • opera.exe (PID: 1356)
      • installer.exe (PID: 8264)
      • opera_autoupdate.exe (PID: 7972)
      • opera.exe (PID: 6220)
      • opera_autoupdate.exe (PID: 8300)
      • opera.exe (PID: 6408)
      • opera.exe (PID: 8620)
      • installer.exe (PID: 4968)
      • opera.exe (PID: 8464)
      • opera.exe (PID: 8992)
      • opera.exe (PID: 9136)
      • opera.exe (PID: 8376)
      • opera.exe (PID: 9052)
      • opera.exe (PID: 9096)
      • opera.exe (PID: 8540)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 6724)
      • opera.exe (PID: 8392)
      • opera.exe (PID: 4444)
      • opera.exe (PID: 7440)
      • opera.exe (PID: 7436)
      • opera.exe (PID: 8564)
      • opera.exe (PID: 6772)
      • opera.exe (PID: 5884)
      • opera.exe (PID: 8484)
      • opera.exe (PID: 320)
      • opera.exe (PID: 7196)
      • opera.exe (PID: 7336)
      • opera.exe (PID: 5368)
      • opera.exe (PID: 2124)
      • opera.exe (PID: 8056)
      • opera.exe (PID: 6700)
      • opera.exe (PID: 2428)
      • opera.exe (PID: 8368)
      • opera.exe (PID: 8576)
      • opera.exe (PID: 8240)
      • opera.exe (PID: 8212)
      • opera.exe (PID: 7592)
      • opera.exe (PID: 7824)
      • opera.exe (PID: 9108)
      • installer.exe (PID: 9168)
      • opera.exe (PID: 9172)
      • opera.exe (PID: 7060)
      • opera.exe (PID: 8424)
      • opera.exe (PID: 8392)
      • opera.exe (PID: 7976)
      • opera.exe (PID: 7440)
      • opera.exe (PID: 8972)
      • opera.exe (PID: 7500)
      • opera.exe (PID: 8480)
    • Create files in a temporary directory

      • OperaGXSetup(1).exe (PID: 2972)
      • setup.exe (PID: 1044)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 2120)
      • setup.exe (PID: 4648)
      • setup.exe (PID: 2032)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 3948)
      • installer.exe (PID: 6220)
      • installer.exe (PID: 6548)
      • opera.exe (PID: 6368)
      • installer.exe (PID: 4968)
      • installer.exe (PID: 8264)
      • opera_autoupdate.exe (PID: 7972)
      • installer.exe (PID: 9168)
    • The sample compiled with english language support

      • OperaGXSetup(1).exe (PID: 2972)
      • setup.exe (PID: 1044)
      • setup.exe (PID: 2120)
      • setup.exe (PID: 4648)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 3948)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 2032)
      • installer.exe (PID: 6220)
      • installer.exe (PID: 6548)
      • installer.exe (PID: 4968)
      • installer.exe (PID: 8264)
      • installer.exe (PID: 9168)
    • Reads the computer name

      • setup.exe (PID: 6808)
      • setup.exe (PID: 2032)
      • assistant_installer.exe (PID: 4528)
      • installer.exe (PID: 6220)
      • opera.exe (PID: 6368)
      • opera.exe (PID: 6552)
      • opera.exe (PID: 3944)
      • opera_gx_splash.exe (PID: 7316)
      • opera.exe (PID: 7076)
      • opera_autoupdate.exe (PID: 7280)
      • installer.exe (PID: 4968)
      • opera_autoupdate.exe (PID: 7972)
    • Checks proxy server information

      • setup.exe (PID: 6808)
      • opera.exe (PID: 6368)
      • opera_autoupdate.exe (PID: 7280)
      • opera_autoupdate.exe (PID: 7972)
    • Creates files or folders in the user directory

      • setup.exe (PID: 1044)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 2032)
      • installer.exe (PID: 6220)
      • opera.exe (PID: 6552)
      • opera.exe (PID: 6368)
      • opera_autoupdate.exe (PID: 7972)
    • Reads the software policy settings

      • setup.exe (PID: 6808)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6808)
      • opera.exe (PID: 6368)
      • opera_autoupdate.exe (PID: 7296)
      • opera_autoupdate.exe (PID: 7972)
      • opera_autoupdate.exe (PID: 7280)
      • opera_autoupdate.exe (PID: 8300)
    • OPERA mutex has been found

      • opera.exe (PID: 6368)
      • opera_autoupdate.exe (PID: 7280)
      • opera_autoupdate.exe (PID: 7972)
    • Launching a file from a Registry key

      • opera.exe (PID: 6368)
    • Process checks computer location settings

      • opera.exe (PID: 6368)
      • opera.exe (PID: 7612)
      • opera.exe (PID: 6148)
      • opera.exe (PID: 7628)
      • opera.exe (PID: 7712)
      • opera.exe (PID: 7744)
      • opera.exe (PID: 7756)
      • opera.exe (PID: 7944)
      • opera.exe (PID: 8140)
      • opera.exe (PID: 7980)
      • opera.exe (PID: 8056)
      • opera.exe (PID: 8044)
      • opera.exe (PID: 7320)
      • opera.exe (PID: 6220)
      • opera.exe (PID: 6408)
      • opera.exe (PID: 8620)
      • opera.exe (PID: 8992)
      • opera.exe (PID: 320)
      • opera.exe (PID: 7336)
      • opera.exe (PID: 7592)
      • opera.exe (PID: 7824)
      • opera.exe (PID: 9172)
      • opera.exe (PID: 7500)
      • opera.exe (PID: 8480)
      • opera.exe (PID: 8392)
      • opera.exe (PID: 7976)
      • opera.exe (PID: 7440)
      • opera.exe (PID: 8972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 119.0.5497.186
ProductVersionNumber: 119.0.5497.186
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 119.0.5497.186
ProductVersion: 119.0.5497.186
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
No data.
All screenshots are available in the full report
Total processes: 241
Monitored processes: 105
Malicious processes: 5
Suspicious processes: 1

Behavior graph

[Behavior graph image: process graph starting at operagxsetup(1).exe and continuing through setup.exe, opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe, assistant_installer.exe, installer.exe, opera.exe, opera_crashreporter.exe, opera_gx_splash.exe, comppkgsrv.exe, opera_autoupdate.exe, slui.exe and svchost.exe]

Process information

PID | CMD | Path | Indicators | Parent process
PID: 320
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 OPR/119.0.0.0 (Edition std-2)" --no-pre-read-main-dll --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-travel-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=on --with-feature:tiktok-panel=on --with-feature:vpn-pro-v4-support=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=2028,i,16010501927305540039,17742171260897631989,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=PlatformSoftwareH264EncoderInGpu,UpdatableKeyPins --variations-seed-version --mojo-platform-channel-handle=8700 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\119.0.5497.186\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1044
CMD: C:\Users\admin\AppData\Local\Temp\7zSC9B22947\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.186 --initial-client-data=0x298,0x29c,0x2a0,0x27c,0x2a4,0x7ffc43edb388,0x7ffc43edb394,0x7ffc43edb3a0
Path: C:\Users\admin\AppData\Local\Temp\7zSC9B22947\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\temp\7zsc9b22947\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1212
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-travel-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=on --with-feature:tiktok-panel=on --with-feature:vpn-pro-v4-support=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=2028,i,16010501927305540039,17742171260897631989,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=PlatformSoftwareH264EncoderInGpu,UpdatableKeyPins --variations-seed-version --mojo-platform-channel-handle=8020 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\119.0.5497.186\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1356
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-travel-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=on --with-feature:tiktok-panel=on --with-feature:vpn-pro-v4-support=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=2028,i,16010501927305540039,17742171260897631989,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=PlatformSoftwareH264EncoderInGpu,UpdatableKeyPins --variations-seed-version --mojo-platform-channel-handle=10312 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\119.0.5497.186\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 2032
CMD: "C:\Users\admin\AppData\Local\Temp\7zSC9B22947\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6808 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250708213133" --session-guid=5c0f90bf-a21e-402a-8904-7f404d73adce --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=8808000000000000
Path: C:\Users\admin\AppData\Local\Temp\7zSC9B22947\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\temp\7zsc9b22947\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2120
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
Parent process: setup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2124
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-travel-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=on --with-feature:tiktok-panel=on --with-feature:vpn-pro-v4-support=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=2028,i,16010501927305540039,17742171260897631989,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=PlatformSoftwareH264EncoderInGpu,UpdatableKeyPins --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\119.0.5497.186\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 2200
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2428
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-travel-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=on --with-feature:tiktok-panel=on --with-feature:vpn-pro-v4-support=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=2028,i,16010501927305540039,17742171260897631989,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=PlatformSoftwareH264EncoderInGpu,UpdatableKeyPins --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\119.0.5497.186\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 2464
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-travel-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=on --with-feature:tiktok-panel=on --with-feature:vpn-pro-v4-support=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=2028,i,16010501927305540039,17742171260897631989,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=PlatformSoftwareH264EncoderInGpu,UpdatableKeyPins --variations-seed-version --mojo-platform-channel-handle=10640 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
119.0.5497.186
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\119.0.5497.186\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events
18 181
Read events
17 168
Write events
1 001
Delete events
12

Modification events

(PID) Process: (6808) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6808) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6808) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2032) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

(PID) Process: (6220) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

(PID) Process: (6220) installer.exe
Key: HKEY_CLASSES_ROOT\Opera GXStable
Operation: write
Name: FriendlyTypeName
Value: Opera GX Web Document

(PID) Process: (6220) installer.exe
Key: HKEY_CLASSES_ROOT\Opera GXStable
Operation: write
Name: URL Protocol
Value:

(PID) Process: (6220) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 121

(PID) Process: (6220) installer.exe
Key: HKEY_CLASSES_ROOT\.gxanimations\OpenWithProgIDs
Operation: write
Name: Opera GXStable
Value:

(PID) Process: (6220) installer.exe
Key: HKEY_CLASSES_ROOT\.opdownload\OpenWithProgIDs
Operation: write
Name: Opera GXStable
Value:

Executable files
22
Suspicious files
770
Text files
707
Unknown types
252

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 6808 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\Opera_GX_119.0.5497.186_Autoupdate_x64[1].exe | | | |
| 6808 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507082131331\opera_package | | | |
| 6808 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5 | binary | 5C3867E6F5203264EEB7ED8FBC897DBF | B7C6319268737833CA85C7C600BB7F00859DD5035A81314D8828E971169A411D |
| 6808 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary | 699D68AE57F6D6F5879C3F7FC5A79A16 | 0FC0374F6034F73AEADF420B924AAC8B9D2793E8939DFBD5A2354CCC4E7B2D8E |
| 2032 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2507082131450782032.dll | executable | 5098A3D34F39B77F13954ACBAD891223 | 155518D4A5DA4D0978DECCF532D3295417330E377AF4EBC5D2F3213086C9C012 |
| 1044 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2507082131326041044.dll | executable | 5098A3D34F39B77F13954ACBAD891223 | 155518D4A5DA4D0978DECCF532D3295417330E377AF4EBC5D2F3213086C9C012 |
| 2972 | OperaGXSetup(1).exe | C:\Users\admin\AppData\Local\Temp\7zSC9B22947\setup.exe | executable | 71CD6742D4E6C94EBFA7B9D0F48E1BD2 | 94DCA3E340926B2B19FD7D70BAFABC61B6F7C3055BD905B26A36D7DD55AD54A1 |
| 6808 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | der | CA8A9BDCA7AD59F5C8B7E1AA63160039 | 81B7FA53B692B4D26E2E8943F2DDA2F9563CFCB0E11F48679EB2BE4F8C375B90 |
| 6808 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | der | B76305D38E809707BDFF210103AE47A6 | BF482D979565CF0D1D1A7AAC321325E17713E3A9A177CB0DDBB7D387597BACC1 |
| 6808 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5 | der | 3221500E20059343DEF0570723EFAF1D | 54E83B7707417033250F9C71D9ECAAE37F7E93E03C4E3AB8B6C9B2C15E78DE32 |
HTTP(S) requests
19
TCP/UDP connections
149
DNS requests
147
Threats
46

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6808
setup.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
6808
setup.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D
unknown
whitelisted
6808
setup.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D
unknown
whitelisted
6808
setup.exe
GET
200
142.250.185.195:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.20:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6808
setup.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA3ri9giEg1QVRsEGETa5zg%3D
unknown
whitelisted
2072
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6808
setup.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
6808
setup.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:137 | | | | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 6256 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:138 | | | | whitelisted |
| 6808 | setup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | whitelisted |
| 6808 | setup.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
| 6808 | setup.exe | 82.145.216.47:443 | autoupdate.opera.com | Opera Software AS | NO | whitelisted |
| 6808 | setup.exe | 82.145.216.58:443 | features.opera-api2.com | Opera Software AS | NO | whitelisted |
| 6808 | setup.exe | 104.18.24.17:443 | api.config.opr.gg | CLOUDFLARENET | | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 20.73.194.208, 51.124.78.146, 4.231.128.59 | whitelisted |
| google.com | 142.250.186.46 | whitelisted |
| desktop-netinstaller-sub.osp.opera.software | 82.145.217.121 | whitelisted |
| ocsp.digicert.com | 2.23.77.188, 2.17.190.73 | whitelisted |
| autoupdate.opera.com | 82.145.216.47, 82.145.216.19, 82.145.216.46, 82.145.216.20 | whitelisted |
| features.opera-api2.com | 82.145.216.58, 82.145.216.15, 82.145.216.59, 82.145.216.16 | malicious |
| api.config.opr.gg | 104.18.24.17, 104.18.25.17 | unknown |
| c.pki.goog | 142.250.185.195 | whitelisted |
| download.opera.com | 185.26.182.122, 185.26.182.117 | whitelisted |
| download5.operacdn.com | 104.18.11.89, 104.18.10.89 | malicious |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| | | Potential Corporate Privacy Violation | ET INFO Outgoing Basic Auth Base64 HTTP Password detected unencrypted |
| 6552 | opera.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
| 6552 | opera.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
| 6552 | opera.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt |
| 6552 | opera.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt |
| 6552 | opera.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt |
| 6552 | opera.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt |
| 6552 | opera.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt |
| 6552 | opera.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt |
| 6552 | opera.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt |

| Process | Message |
|---|---|
| assistant_installer.exe | [0708/213147.156:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202507082131331\assistant\assistant_installer.exe" --version |