File name: OperaGXSetup.exe

Full analysis: https://app.any.run/tasks/c23cebba-795f-4f9e-aff8-7d0061a2bd80
Verdict: Malicious activity
Analysis date: December 14, 2024, 05:22:38
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: A05765164A443CCE47DA0C1197F05132
SHA1: 001CDFD9F2B25013B0067059F8EFFD9FDFBB655E
SHA256: 4E4F751C3452BA755844C4EBDA93E0DE734D8FE7CA61AD103D991A4295BCFB82
SSDEEP: 98304:ywyWSeMgtOGg5W0wnjpicZiMq0Y6CsMPqVDsC/9cXPcWayHMz3sa391BWIbZFJub:yI91qN4zou+p

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • setup.exe (PID: 6512)
      • OperaGXSetup.exe (PID: 6476)
      • setup.exe (PID: 6996)
      • setup.exe (PID: 6628)
      • setup.exe (PID: 7020)
      • setup.exe (PID: 6236)
      • setup.exe (PID: 5464)
      • setup.exe (PID: 6548)
    • Starts itself from another location

      • setup.exe (PID: 6512)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6512)
    • Checks Windows Trust Settings

      • setup.exe (PID: 6512)
    • Application launched itself

      • setup.exe (PID: 6996)
      • setup.exe (PID: 6236)
      • setup.exe (PID: 6512)
  • INFO

    • Creates files or folders in the user directory

      • setup.exe (PID: 6548)
      • setup.exe (PID: 6512)
    • Checks supported languages

      • setup.exe (PID: 6548)
      • setup.exe (PID: 6512)
      • OperaGXSetup.exe (PID: 6476)
      • setup.exe (PID: 6628)
      • setup.exe (PID: 6996)
      • setup.exe (PID: 7020)
      • setup.exe (PID: 6236)
      • setup.exe (PID: 5464)
      • identity_helper.exe (PID: 5080)
      • identity_helper.exe (PID: 1576)
    • Reads the computer name

      • setup.exe (PID: 6512)
      • setup.exe (PID: 6996)
      • setup.exe (PID: 6236)
      • identity_helper.exe (PID: 5080)
      • identity_helper.exe (PID: 1576)
    • The sample compiled with english language support

      • setup.exe (PID: 6548)
      • setup.exe (PID: 6512)
      • OperaGXSetup.exe (PID: 6476)
      • setup.exe (PID: 6628)
      • setup.exe (PID: 6996)
      • setup.exe (PID: 5464)
      • setup.exe (PID: 6236)
      • setup.exe (PID: 7020)
    • Create files in a temporary directory

      • setup.exe (PID: 6548)
      • setup.exe (PID: 6512)
      • setup.exe (PID: 6628)
      • setup.exe (PID: 6996)
      • setup.exe (PID: 7020)
      • setup.exe (PID: 6236)
      • setup.exe (PID: 5464)
      • OperaGXSetup.exe (PID: 6476)
    • Checks proxy server information

      • setup.exe (PID: 6512)
    • Reads the software policy settings

      • setup.exe (PID: 6512)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6512)
    • Application launched itself

      • msedge.exe (PID: 6348)
      • msedge.exe (PID: 6388)
    • Reads Environment values

      • identity_helper.exe (PID: 5080)
      • identity_helper.exe (PID: 1576)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

Stream: Stable
Productname: Opera installer
LegalCopyright: Opera Software 2024
CompanyName:
FileDescription: Opera installer SFX
ProductVersion: 115.0.5322.89
FileVersion: 115.0.5322.89
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Unknown
FileOS: Windows NT 32-bit
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 115.0.5322.89
FileVersionNumber: 115.0.5322.89
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 6
EntryPoint: 0x213c0
UninitializedDataSize: -
InitializedDataSize: 92672
CodeSize: 238080
LinkerVersion: 14.39
PEType: PE32
ImageFileCharacteristics: Executable, 32-bit
TimeStamp: 2024:06:12 14:59:19+00:00
MachineType: Intel 386 or later, and compatibles
No data.
Total processes: 159
Monitored processes: 40
Malicious processes: 2
Suspicious processes: 1

Behavior graph

Process nodes shown in the interactive graph, in order: operagxsetup.exe → setup.exe (7 instances) → msedge.exe (28 instances) and identity_helper.exe (4 instances), most of them labelled "no specs" in the graph.

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 6476
CMD: "C:\Users\admin\Desktop\OperaGXSetup.exe"
Path: C:\Users\admin\Desktop\OperaGXSetup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Opera installer SFX
Version: 115.0.5322.89
Modules (images):
c:\users\admin\desktop\operagxsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6512
CMD: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe --server-tracking-blob=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
Path: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe
Parent process: OperaGXSetup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Version: 115.0.5322.89
Modules (images):
c:\users\admin\appdata\local\temp\7zsc49c2403\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6548
CMD: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.89 --initial-client-data=0x338,0x33c,0x340,0x2fc,0x344,0x74d52d9c,0x74d52da8,0x74d52db4
Path: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Version: 115.0.5322.89
Modules (images):
c:\users\admin\appdata\local\temp\7zsc49c2403\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6628
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
Parent process: setup.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6996
CMD: "C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6512 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241214052250" --session-guid=3d7fa704-fd09-4a4a-ac9e-ac0b87c3f2f1 --server-tracking-blob=NzI2Mzc3MDYyM2M3ZmE5MTJiYzYwYzBjNjlkNzEyYmUxODE2ODMwN2EyMDE1NmI0YTk4OTIxYmEyNzI4MDY4ODp7ImNvdW50cnkiOiJVUyIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1vc2UmdXRtX2NhbXBhaWduPSUyOG5vbmUlMjkmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5nb29nbGUuY29tJTJGJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGZ3gtYnJvd3NlciZkbF90b2tlbj01OTA1Nzk4OCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczNDE1MzcyOC42NjE1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyOC4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi8xMTQuMC4wLjAgKEVkaXRpb24gc3RkLTEpIiwidXRtIjp7ImNhbXBhaWduIjoiKG5vbmUpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3gtYnJvd3NlciIsIm1lZGl1bSI6Im9zZSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJnb29nbGUifSwidXVpZCI6IjVjNmY5YzJjLWFiMWQtNDBkYi05NDUyLTU4ZTk4Y2M1ZTM3MiJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=180A000000000000
Path: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Exit code: 120
Version: 115.0.5322.89
Modules (images):
c:\users\admin\appdata\local\temp\7zsc49c2403\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 7020
CMD: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.89 --initial-client-data=0x344,0x348,0x34c,0x318,0x350,0x724a2d9c,0x724a2da8,0x724a2db4
Path: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Exit code: 0
Version: 115.0.5322.89
Modules (images):
c:\users\admin\appdata\local\temp\7zsc49c2403\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6236
CMD: "C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6512 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241214052250" --session-guid=3d7fa704-fd09-4a4a-ac9e-ac0b87c3f2f1 --server-tracking-blob=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 --desktopshortcut=1 --wait-for-package --initial-proc-handle=500A000000000000
Path: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Exit code: 101
Version: 115.0.5322.89
Modules (images):
c:\users\admin\appdata\local\temp\7zsc49c2403\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 5464
CMD: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.89 --initial-client-data=0x34c,0x350,0x354,0x314,0x358,0x724a2d9c,0x724a2da8,0x724a2db4
Path: C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Installer
Exit code: 0
Version: 115.0.5322.89
Modules (images):
c:\users\admin\appdata\local\temp\7zsc49c2403\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6348
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3952
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x31c,0x320,0x324,0x314,0x32c,0x7ff822245fd8,0x7ff822245fe4,0x7ff822245ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 9 595
Read events: 9 567
Write events: 27
Delete events: 1

Modification events

Process: (6512) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write | Name: CachePrefix | Value: (empty)

Process: (6512) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix | Value: Cookie:

Process: (6512) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix | Value: Visited:

Process: (6996) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write | Name: Last Opera GX Stable Install Path | Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

Process: (6996) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: delete value | Name: Last Opera GX Stable Install Path | Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

Process: (6512) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write | Name: SlowContextMenuEntries | Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

Process: (6348) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: failed_count | Value: 0

Process: (6348) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: state | Value: 2

Process: (6348) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: state | Value: 1

Process: (6348) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 0
Executable files: 9
Suspicious files: 62
Text files: 67
Unknown types: 0

Dropped files

PID | Process | Filename | Type

6996 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2412140523007426996.dll | executable
  MD5: BE12A3550124E852E52FA2EFFA9D48DA
  SHA256: 41D5B126B9D1885A0E4F42B67366CDE76ECB7573E93213AD6D6EF398D5787706
5464 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2412140524140215464.dll | executable
  MD5: BE12A3550124E852E52FA2EFFA9D48DA
  SHA256: 41D5B126B9D1885A0E4F42B67366CDE76ECB7573E93213AD6D6EF398D5787706
6348 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF14c031.TMP | text
  MD5: C5C8E14929BCE261B2B5B899CB479AF7
  SHA256: 73DBFF8A366CFF6972A38C091782EF62C89E28FDA1423A47448A60343F921754
6348 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variations | binary
  MD5: 1C42329800C95BC1DB27E7657711FF1E
  SHA256: D58993216FB0CBF52CED6DA4FCAEBFC8FCC7C1A37191954397BA77951B16BE9B
6548 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2412140522497106548.dll | executable
  MD5: BE12A3550124E852E52FA2EFFA9D48DA
  SHA256: 41D5B126B9D1885A0E4F42B67366CDE76ECB7573E93213AD6D6EF398D5787706
6996 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20241214052301319.log | text
  MD5: 40E1DD051C06EBC386F01184D7215E30
  SHA256: 57F04ED122D1D412C9DB3E31A3DCA2A8D2FD65FD5C6F41DA44A421DE75E00A95
6512 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | executable
  MD5: 49E7EBDA27B78F0995322E0FA63336B3
  SHA256: 4CB3D4754510E21DBD794A59EB47FF4D811064CCB9C74B02B1D62A96C9F2DE7D
6512 | setup.exe | C:\Users\admin\AppData\Local\Temp\opera_installer_ui.lck | binary
  MD5: DB233043573AEA54CE49988F0AA24D5C
  SHA256: F346EC950791E014ED9754987FC9EE76D81283D10F622124889CDDA721E58536
6476 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\7zSC49C2403\setup.exe | executable
  MD5: 49E7EBDA27B78F0995322E0FA63336B3
  SHA256: 4CB3D4754510E21DBD794A59EB47FF4D811064CCB9C74B02B1D62A96C9F2DE7D
6236 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2412140524137086236.dll | executable
  MD5: BE12A3550124E852E52FA2EFFA9D48DA
  SHA256: 41D5B126B9D1885A0E4F42B67366CDE76ECB7573E93213AD6D6EF398D5787706
HTTP(S) requests: 0
TCP/UDP connections: 85
DNS requests: 39
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6512 | setup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | whitelisted
6512 | setup.exe | 185.26.182.123:443 | autoupdate.geo.opera.com | Opera Software AS | - | whitelisted
6512 | setup.exe | 185.26.182.124:443 | autoupdate.geo.opera.com | Opera Software AS | - | whitelisted
3976 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1016 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3848 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
www.bing.com
  • 2.23.209.185
  • 2.23.209.149
  • 2.23.209.189
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.179
  • 2.23.209.130
  • 2.23.209.182
  • 2.23.209.140
whitelisted
google.com
  • 142.250.184.206
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
autoupdate.geo.opera.com
  • 185.26.182.123
  • 185.26.182.124
whitelisted
autoupdate.opera.com
  • 185.26.182.124
  • 185.26.182.123
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
download.opera.com
  • 185.26.182.122
  • 185.26.182.117
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

No threats detected
No debug info