File name: OperaGXSetup.exe

Full analysis: https://app.any.run/tasks/a0cadc53-8d9a-4aa8-b42d-a813ba1fcf4e
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: April 17, 2026, 22:35:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer, opera, tool
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: FFB545EF23536572FF49398319C5CC11
SHA1: A7E9379780DE2E31746D0DE7F1C1F8627ACE1E50
SHA256: 1A8714F9ABBA32CCFD0AE91A527E37FF2ED21590BC11EDECC3605C0137F72BCF
SSDEEP: 98304:gwyWSeMgt458ikD6BgslI3dvLjTvIpbSp8ntOmSrF31TccZOTpDN79b5/bCjENm5:gBqtlwWM9vW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • assistant_installer.exe (PID: 7996)
      • opera.exe (PID: 7356)
    • Steals credentials from Web Browsers

      • opera.exe (PID: 7356)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 2576)
      • installer.exe (PID: 7224)
      • Opera_GX_assistant_130.0.5847.58_Setup.exe_sfx.exe (PID: 2164)
      • installer.exe (PID: 4708)
      • installer.exe (PID: 6592)
      • assistant_installer.exe (PID: 7996)
    • Starts itself from another location

      • installer.exe (PID: 7224)
      • assistant_installer.exe (PID: 7996)
    • Application launched itself

      • assistant_installer.exe (PID: 4324)
      • installer.exe (PID: 4708)
      • installer.exe (PID: 6592)
      • assistant_installer.exe (PID: 7996)
      • assistant_installer.exe (PID: 8152)
      • browser_assistant.exe (PID: 7476)
      • installer.exe (PID: 7224)
      • opera.exe (PID: 7356)
      • installer.exe (PID: 9484)
      • opera_autoupdate.exe (PID: 9668)
      • opera_autoupdate.exe (PID: 9648)
    • Searches for installed software

      • installer.exe (PID: 6592)
      • browser_assistant.exe (PID: 7476)
    • Reads the date of Windows installation

      • installer.exe (PID: 6592)
      • opera.exe (PID: 7356)
    • Possible stealing from browsers

      • opera_crashreporter.exe (PID: 8164)
      • opera.exe (PID: 7356)
      • opera_crashreporter.exe (PID: 6500)
      • opera_crashreporter.exe (PID: 7176)
      • opera_crashreporter.exe (PID: 4916)
      • opera_crashreporter.exe (PID: 6148)
      • opera_crashreporter.exe (PID: 7832)
      • browser_assistant.exe (PID: 8104)
      • browser_assistant.exe (PID: 7476)
      • opera_crashreporter.exe (PID: 8520)
      • opera_autoupdate.exe (PID: 9832)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 7356)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 9648)
  • INFO

    • Reads the computer name

      • installer.exe (PID: 7224)
      • installer.exe (PID: 4708)
      • assistant_installer.exe (PID: 4324)
      • installer.exe (PID: 6592)
      • assistant_installer.exe (PID: 7996)
      • assistant_installer.exe (PID: 8152)
      • opera.exe (PID: 2528)
      • opera.exe (PID: 7356)
      • opera.exe (PID: 2204)
      • browser_assistant.exe (PID: 7476)
      • opera.exe (PID: 6556)
      • opera.exe (PID: 5632)
      • opera.exe (PID: 4336)
      • opera.exe (PID: 7576)
      • opera.exe (PID: 5800)
      • opera_gx_splash.exe (PID: 7428)
      • opera.exe (PID: 8500)
      • opera.exe (PID: 6096)
      • installer.exe (PID: 9484)
      • opera_autoupdate.exe (PID: 9748)
      • opera_autoupdate.exe (PID: 9668)
      • opera_autoupdate.exe (PID: 9832)
      • opera_autoupdate.exe (PID: 9648)
    • Checks supported languages

      • OperaGXSetup.exe (PID: 2576)
      • installer.exe (PID: 2876)
      • Opera_GX_assistant_130.0.5847.58_Setup.exe_sfx.exe (PID: 2164)
      • assistant_installer.exe (PID: 4324)
      • installer.exe (PID: 2588)
      • assistant_installer.exe (PID: 7660)
      • installer.exe (PID: 4708)
      • installer.exe (PID: 6592)
      • installer.exe (PID: 2092)
      • assistant_installer.exe (PID: 7996)
      • assistant_installer.exe (PID: 7248)
      • assistant_installer.exe (PID: 8152)
      • browser_assistant.exe (PID: 7476)
      • opera.exe (PID: 2528)
      • opera.exe (PID: 7356)
      • assistant_installer.exe (PID: 7488)
      • opera_crashreporter.exe (PID: 7176)
      • opera_crashreporter.exe (PID: 8164)
      • opera.exe (PID: 2204)
      • opera_crashreporter.exe (PID: 6500)
      • browser_assistant.exe (PID: 8104)
      • opera_crashreporter.exe (PID: 4916)
      • opera.exe (PID: 6556)
      • opera_crashreporter.exe (PID: 6148)
      • opera.exe (PID: 5632)
      • opera_crashreporter.exe (PID: 7832)
      • opera.exe (PID: 4336)
      • opera.exe (PID: 7576)
      • opera.exe (PID: 5800)
      • installer.exe (PID: 7224)
      • installer.exe (PID: 8020)
      • opera.exe (PID: 2652)
      • opera.exe (PID: 7484)
      • opera.exe (PID: 5196)
      • opera.exe (PID: 5200)
      • opera.exe (PID: 7896)
      • opera.exe (PID: 8184)
      • opera.exe (PID: 4348)
      • opera_gx_splash.exe (PID: 7428)
      • browser_assistant.exe (PID: 8472)
      • opera_crashreporter.exe (PID: 8520)
      • opera.exe (PID: 8672)
      • opera.exe (PID: 8656)
      • opera.exe (PID: 8812)
      • opera.exe (PID: 8768)
      • opera.exe (PID: 8804)
      • opera.exe (PID: 8500)
      • opera.exe (PID: 8604)
      • opera.exe (PID: 9028)
      • opera.exe (PID: 9172)
      • opera.exe (PID: 9192)
      • opera.exe (PID: 8328)
      • opera.exe (PID: 8472)
      • opera.exe (PID: 8340)
      • opera.exe (PID: 6096)
      • opera.exe (PID: 8792)
      • opera.exe (PID: 8820)
      • opera.exe (PID: 8880)
      • opera.exe (PID: 8600)
      • opera.exe (PID: 8588)
      • opera.exe (PID: 9024)
      • opera.exe (PID: 8516)
      • opera.exe (PID: 8520)
      • opera.exe (PID: 8720)
      • opera.exe (PID: 8556)
      • opera.exe (PID: 8564)
      • opera.exe (PID: 6556)
      • opera.exe (PID: 8540)
      • opera.exe (PID: 9444)
      • opera.exe (PID: 8180)
      • opera.exe (PID: 8592)
      • opera.exe (PID: 8568)
      • opera.exe (PID: 8468)
      • opera.exe (PID: 9468)
      • installer.exe (PID: 9484)
      • opera.exe (PID: 9476)
      • opera_autoupdate.exe (PID: 9748)
      • installer.exe (PID: 9628)
      • opera_autoupdate.exe (PID: 9668)
      • opera_autoupdate.exe (PID: 9648)
      • opera.exe (PID: 9452)
      • opera.exe (PID: 10168)
      • opera.exe (PID: 9768)
      • opera.exe (PID: 10060)
      • opera.exe (PID: 10020)
      • opera.exe (PID: 10108)
      • opera.exe (PID: 10116)
      • opera_autoupdate.exe (PID: 9832)
      • opera.exe (PID: 9284)
      • opera.exe (PID: 9036)
      • opera.exe (PID: 8792)
      • opera.exe (PID: 9384)
      • opera.exe (PID: 9108)
      • installer.exe (PID: 9628)
      • opera.exe (PID: 8740)
      • opera.exe (PID: 9256)
    • Create files in a temporary directory

      • OperaGXSetup.exe (PID: 2576)
      • installer.exe (PID: 7224)
      • Opera_GX_assistant_130.0.5847.58_Setup.exe_sfx.exe (PID: 2164)
      • installer.exe (PID: 6592)
      • opera.exe (PID: 7356)
      • opera_autoupdate.exe (PID: 9648)
    • Creates files or folders in the user directory

      • installer.exe (PID: 7224)
      • installer.exe (PID: 4708)
      • installer.exe (PID: 6592)
      • assistant_installer.exe (PID: 7996)
      • opera.exe (PID: 7356)
      • installer.exe (PID: 8020)
      • opera.exe (PID: 5800)
      • browser_assistant.exe (PID: 7476)
      • opera_autoupdate.exe (PID: 9748)
      • opera_autoupdate.exe (PID: 9668)
      • opera_autoupdate.exe (PID: 9648)
    • The sample compiled with english language support

      • installer.exe (PID: 7224)
      • Opera_GX_assistant_130.0.5847.58_Setup.exe_sfx.exe (PID: 2164)
      • installer.exe (PID: 4708)
      • installer.exe (PID: 6592)
      • assistant_installer.exe (PID: 7996)
      • OperaGXSetup.exe (PID: 2576)
    • Reads security settings of Internet Explorer

      • installer.exe (PID: 7224)
      • installer.exe (PID: 6592)
      • browser_assistant.exe (PID: 7476)
    • Reads the machine GUID from the registry

      • installer.exe (PID: 7224)
      • installer.exe (PID: 6592)
      • opera.exe (PID: 7356)
      • browser_assistant.exe (PID: 7476)
      • opera_autoupdate.exe (PID: 9668)
      • opera_autoupdate.exe (PID: 9748)
      • opera_autoupdate.exe (PID: 9832)
      • opera_autoupdate.exe (PID: 9648)
    • There is functionality for taking screenshot (YARA)

      • installer.exe (PID: 7224)
      • installer.exe (PID: 8020)
    • Creates a software uninstall entry

      • installer.exe (PID: 6592)
    • Launching a file from a Registry key

      • assistant_installer.exe (PID: 7996)
      • opera.exe (PID: 7356)
    • OPERA mutex has been found

      • browser_assistant.exe (PID: 7476)
      • opera.exe (PID: 7356)
      • opera_autoupdate.exe (PID: 9668)
      • opera_autoupdate.exe (PID: 9648)
    • Reads CPU info

      • opera.exe (PID: 7356)
    • Process checks computer location settings

      • opera.exe (PID: 7356)
      • opera.exe (PID: 5200)
      • opera.exe (PID: 8604)
      • opera.exe (PID: 8656)
      • opera.exe (PID: 8672)
      • opera.exe (PID: 8768)
      • opera.exe (PID: 8880)
      • opera.exe (PID: 9028)
      • opera.exe (PID: 9192)
      • opera.exe (PID: 9172)
      • opera.exe (PID: 8328)
      • opera.exe (PID: 8472)
      • opera.exe (PID: 9024)
      • opera.exe (PID: 8468)
      • opera.exe (PID: 9768)
      • opera.exe (PID: 10116)
      • opera.exe (PID: 8792)
      • opera.exe (PID: 9384)
      • opera.exe (PID: 9108)
    • Manual execution by a user

      • browser_assistant.exe (PID: 8472)
      • opera.exe (PID: 8500)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 130.0.5847.58
ProductVersionNumber: 130.0.5847.58
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 130.0.5847.58
ProductVersion: 130.0.5847.58
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2026
Productname: Opera installer
Stream: Stable
No data.
Total processes: 232
Monitored processes: 97
Malicious processes: 5
Suspicious processes: 4


Process information

PID
CMD
Path
Indicators
Parent process
PID: 2092
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\130.0.5847.58\installer.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=130.0.5847.58 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff67079e6d8,0x7ff67079e6e4,0x7ff67079e6f0
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\130.0.5847.58\installer.exe
Parent process: installer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\130.0.5847.58\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2164
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\opera_package_202604171835361\assistant\Opera_GX_assistant_130.0.5847.58_Setup.exe_sfx.exe"
Path: C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\opera_package_202604171835361\assistant\Opera_GX_assistant_130.0.5847.58_Setup.exe_sfx.exe
Parent process: installer.exe
User: admin
Integrity Level: MEDIUM
Description: Opera installer SFX
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 opera gx installer temp\opera_package_202604171835361\assistant\opera_gx_assistant_130.0.5847.58_setup.exe_sfx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2204
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --stream
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: browser_assistant.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Internet Browser
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\130.0.5847.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 2528
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --stream
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: browser_assistant.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Internet Browser
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\130.0.5847.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 2576
CMD: "C:\Users\admin\AppData\Local\Temp\OperaGXSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\OperaGXSetup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Opera installer SFX
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\temp\operagxsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2588
CMD: C:\Users\admin\AppData\Local\Temp\7zS01A4A1ED\installer.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=130.0.5847.58 --initial-client-data=0x29c,0x2ac,0x2b0,0x284,0x2b4,0x7ff73f42e6d8,0x7ff73f42e6e4,0x7ff73f42e6f0
Path: C:\Users\admin\AppData\Local\Temp\7zS01A4A1ED\installer.exe
Parent process: installer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\temp\7zs01a4a1ed\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2652
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:address-bar-intent-competitors=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:cashback-assistant=off --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:domain-suggestions-competitors=on --with-feature:domain-suggestions-with-misspells=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-add-partners-attributions=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --ab-tests=GXCTest25-test:DNA-99214_GXCTest25 --metrics-shmem-handle=2436,i,10695300440740267223,2293776365602145685,524288 --field-trial-handle=1936,i,7605871748341891809,17279613040864989549,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor,PermissionElement,PlatformSoftwareH264EncoderInGpu --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,SkiaGraphite,SyncWorkspacesInSessions --variations-seed-version --pseudonymization-salt-handle=1940,i,17392131711254414478,12141127619987456878,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2456 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\130.0.5847.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 2876
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\installer.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\installer.exe
Parent process: installer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 opera gx installer temp\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 4324
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\opera_package_202604171835361\assistant\assistant_installer.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\opera_package_202604171835361\assistant\assistant_installer.exe
Parent process: installer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Browser Assistant Installer
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 opera gx installer temp\opera_package_202604171835361\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4336
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --stream
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: browser_assistant.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Internet Browser
Exit code: 0
Version: 130.0.5847.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\130.0.5847.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
Total events: 17 319
Read events: 17 188
Write events: 121
Delete events: 10

Modification events

(PID) Process: (7224) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7224) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7224) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4708) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

(PID) Process: (6592) installer.exe
Key: HKEY_CLASSES_ROOT\Opera GXStable
Operation: write
Name: FriendlyTypeName
Value: Opera GX Web Document

(PID) Process: (6592) installer.exe
Key: HKEY_CLASSES_ROOT\Opera GXStable
Operation: write
Name: URL Protocol
Value:

(PID) Process: (6592) installer.exe
Key: HKEY_CLASSES_ROOT\.gxanimations\OpenWithProgIDs
Operation: write
Name: Opera GXStable
Value:

(PID) Process: (6592) installer.exe
Key: HKEY_CLASSES_ROOT\.opdownload\OpenWithProgIDs
Operation: write
Name: Opera GXStable
Value:

(PID) Process: (6592) installer.exe
Key: HKEY_CLASSES_ROOT\.htm\OpenWithProgids
Operation: write
Name: Opera GXStable
Value:

(PID) Process: (6592) installer.exe
Key: HKEY_CLASSES_ROOT\.html\OpenWithProgids
Operation: write
Name: Opera GXStable
Value:

Executable files: 35
Suspicious files: 364
Text files: 234
Unknown types: 3

Dropped files

PID
Process
Filename
Type
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\Opera_GX_130.0.5847.58_Autoupdate_x64[1].exe
MD5:
SHA256:
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\opera_package_202604171835361\opera_package
MD5:
SHA256:
PID: 2576
Process: OperaGXSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS01A4A1ED\installer.exe
Type: executable
MD5:00960BB6459D87C6C2074E9807CFA485
SHA256:FFE37C5E6519B2992735665C5001C9364824B2148BAEB6AC8799CA7F208AE00E
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\819F061E7E96737A1F8899F54577F194_E518283D6FFE49F982551655D964F960
Type: binary
MD5:CD8AC44FD8F922A1757D0AE426884C27
SHA256:56E2F52EA2B19258F6ED5AB439B72D51A5799F8B288F01CFADA02F33C9B0D5F3
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\installer.exe
Type: executable
MD5:00960BB6459D87C6C2074E9807CFA485
SHA256:FFE37C5E6519B2992735665C5001C9364824B2148BAEB6AC8799CA7F208AE00E
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CB77E3D8FE906716C4DEE1FAFFCB74A5
Type: binary
MD5:9FD770B1715E63815171F3ADABA63D30
SHA256:15D27C741BE1D085749B8C2F9C5403B6A09810B997B12EC5D7DDDB628F555A11
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: binary
MD5:3CBF92BBA1AFE033CB5C6462ECE21425
SHA256:662FE4F0D70B97C5E844DCBFEED07E1742AFB5DF5C1A4F0BBED46643BAAA4E89
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Type: binary
MD5:AD5D0A6456C9AFFE2D0FCCA59F5D0EBD
SHA256:1345D234AF619F656CB2940AB028EAE20FF4375EB8DA1834A02599D3C10E02B6
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5:047F3E9D21D6B325D592B1959E4362E6
SHA256:D2BB091268ADE68AD8121D2184D0FBCE128070156304BD4DE312E6FBD267409C
PID: 7224
Process: installer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_B7ED31D77D311A56FDCB56A0083B3E0B
Type: binary
MD5:43C0B6601673F27FAFDCD8A05575133B
SHA256:F3E35F2C7EB2292711518623BF5078F569FBD8F6D58AC3A9AC215110C4CD2480
HTTP(S) requests: 46
TCP/UDP connections: 134
DNS requests: 112
Threats: 3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7224
installer.exe
GET
404
104.18.24.17:443
https://api.config.opr.gg/v0/config?utm_campaign=PWN_US_HVR_9571_WEB_3753&utm_medium=pa&utm_source=PWNgames&product=gx&channel=Stable&client=netinstaller&edition=std-2
US
unknown
7224
installer.exe
GET
302
82.145.216.49:443
https://download.opera.com/download/get/?id=77359&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_US_HVR_9571_WEB_3753&utm_id=ec8393b1199940eda9967bea1c5e98a7&utm_lastpage=opera.com/get/opera-gx&utm_medium=pa&utm_site=opera_com&utm_source=PWNgames&niuid=1cc2008f-744c-40b8-949e-1905907a2ab4
NO
unknown
7224
installer.exe
GET
2.16.241.210:443
https://download3.operacdn.com/ftp/pub/opera_gx/130.0.5847.58/win/Opera_GX_130.0.5847.58_Autoupdate_x64.exe
NL
unknown
7224
installer.exe
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
NO
text
36 b
unknown
7224
installer.exe
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
NO
text
36 b
unknown
7224
installer.exe
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
NO
text
36 b
unknown
7224
installer.exe
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
NO
text
36 b
unknown
7224
installer.exe
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA7EEe3wAvcwNsTl1C8%2BNPI%3D
NL
binary
471 b
whitelisted
7224
installer.exe
GET
200
23.11.41.157:80
http://statusd.digitalcertvalidation.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRNolijWxrE%2B4oss3hMFE8Heagz1AQU9VYiH9m%2Fa1kkUrDhas3A4Vdn6egCEAaV2Cvjf8%2BY2vZ6CGdVSuk%3D
NL
binary
471 b
unknown
7224
installer.exe
GET
200
142.251.20.94:80
http://c.pki.goog/r/gsr1.crl
US
binary
1.70 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6260
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7224
installer.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
NO-OPERA
NO
whitelisted
7224
installer.exe
23.11.41.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
7224
installer.exe
185.26.182.124:443
autoupdate.opera.com
NO-OPERA
NO
whitelisted
7224
installer.exe
107.167.96.31:443
features.opera-api2.com
OPERASOFTWARE
US
whitelisted
7224
installer.exe
104.18.24.17:443
api.config.opr.gg
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 20.73.194.208
  • 51.104.136.2
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
google.com
  • 142.251.20.138
  • 142.251.20.139
  • 142.251.20.101
  • 142.251.20.100
  • 142.251.20.113
  • 142.251.20.102
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
ocsp.digicert.com
  • 23.11.41.157
whitelisted
statusd.digitalcertvalidation.com
  • 23.11.41.157
whitelisted
autoupdate.opera.com
  • 185.26.182.124
  • 185.26.182.123
whitelisted
features.opera-api2.com
  • 107.167.96.31
  • 107.167.96.44
  • 107.167.96.30
  • 107.167.96.43
  • 185.26.182.118
  • 185.26.182.93
  • 185.26.182.106
  • 185.26.182.94
  • 185.26.182.111
  • 185.26.182.112
whitelisted
api.config.opr.gg
  • 104.18.24.17
  • 104.18.25.17
whitelisted
c.pki.goog
  • 142.251.20.94
whitelisted

Threats

PID
Process
Class
Message
5800
opera.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5800
opera.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6260
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
[0417/183547.460:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:171] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\opera_package_202604171835361\assistant\assistant_installer.exe" --version
installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
[0417/183602.404:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:171] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\5f852725-9275-4d68-a3ff-5ab1abb76998 Opera GX Installer Temp\opera_package_202604171835361\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX\assistant" --copyonly=0 --allusers=0
assistant_installer.exe
[0417/183602.436:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:312] Setting up the registry
assistant_installer.exe
[0417/183602.529:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:264] Running Assistant from: C:\Users\admin\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )