File name: OperaInstaller.exe

Full analysis: https://app.any.run/tasks/ac222c11-86a1-44f7-8dd8-fb5e93ec4c5e
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: April 26, 2025, 20:48:13
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer, opera, tool, discord
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 9476256F46500D7B10360680EC8E473B
SHA1: 2A7379C294A646D5A9B930FAB23E652D68873906
SHA256: 5255AA5F489C656C6BA3557C47AA26805C7C5B29C8E5E107C87DCDC9B08ACBE8
SSDEEP: 6144:fVNDuHmByrOPrDsBkfJfWQs/yO0DDDDDDDDDDDgrDDDDDDXfKBS/:dN/BU+rwBkh+QzDDDDDDDDDDDgrDDDDx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • setup.exe (PID: 7892)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8064)
      • setup.exe (PID: 8116)
      • assistant_installer.exe (PID: 7216)
      • assistant_installer.exe (PID: 6272)
      • installer.exe (PID: 208)
      • installer.exe (PID: 5400)
      • assistant_installer.exe (PID: 3156)
      • assistant_installer.exe (PID: 2664)
      • assistant_installer.exe (PID: 7228)
      • assistant_installer.exe (PID: 6048)
      • opera_crashreporter.exe (PID: 7820)
      • opera.exe (PID: 7456)
      • opera_crashreporter.exe (PID: 7244)
      • opera_crashreporter.exe (PID: 8204)
      • opera.exe (PID: 8332)
      • opera_crashreporter.exe (PID: 8368)
      • opera.exe (PID: 7452)
      • opera.exe (PID: 8576)
      • opera_crashreporter.exe (PID: 8624)
      • browser_assistant.exe (PID: 3032)
      • browser_assistant.exe (PID: 7276)
      • opera.exe (PID: 7224)
      • opera_crashreporter.exe (PID: 8768)
      • opera.exe (PID: 8748)
      • opera_crashreporter.exe (PID: 8908)
    • Actions looks like stealing of personal data

      • setup.exe (PID: 7892)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8064)
      • setup.exe (PID: 8116)
      • assistant_installer.exe (PID: 7216)
      • assistant_installer.exe (PID: 6272)
      • installer.exe (PID: 208)
      • installer.exe (PID: 5400)
      • assistant_installer.exe (PID: 2664)
      • assistant_installer.exe (PID: 3156)
      • assistant_installer.exe (PID: 6048)
      • assistant_installer.exe (PID: 7228)
      • opera_crashreporter.exe (PID: 7820)
      • opera_crashreporter.exe (PID: 7244)
      • opera.exe (PID: 7452)
      • opera.exe (PID: 7456)
      • opera_crashreporter.exe (PID: 8204)
      • opera.exe (PID: 8332)
      • opera_crashreporter.exe (PID: 8368)
      • opera.exe (PID: 7224)
      • opera_crashreporter.exe (PID: 8624)
      • browser_assistant.exe (PID: 3032)
      • opera.exe (PID: 8576)
      • opera_crashreporter.exe (PID: 8768)
      • opera.exe (PID: 8748)
      • opera_crashreporter.exe (PID: 8908)
      • browser_assistant.exe (PID: 7276)
    • Changes the autorun value in the registry

      • assistant_installer.exe (PID: 2664)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaInstaller.exe (PID: 7444)
      • OpInst.exe (PID: 7740)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 7892)
      • setup.exe (PID: 8008)
      • setup.exe (PID: 8064)
      • setup.exe (PID: 8116)
      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 2600)
      • installer.exe (PID: 208)
      • installer.exe (PID: 5400)
      • assistant_installer.exe (PID: 2664)
      • installer.exe (PID: 8688)
      • opera_autoupdate.exe (PID: 7200)
      • installer.exe (PID: 3992)
      • opera.exe (PID: 9116)
      • opera.exe (PID: 8876)
      • OperaInstaller.exe (PID: 5960)
      • OpInst.exe (PID: 472)
      • installer.exe (PID: 8672)
      • setup.exe (PID: 3956)
      • setup.exe (PID: 9412)
      • setup.exe (PID: 9484)
      • setup.exe (PID: 9544)
      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 10116)
      • opera.exe (PID: 9744)
      • setup.exe (PID: 9292)
      • opera.exe (PID: 9512)
    • Reads security settings of Internet Explorer

      • OperaInstaller.exe (PID: 7444)
      • setup.exe (PID: 7804)
      • installer.exe (PID: 5400)
      • browser_assistant.exe (PID: 7276)
    • Application launched itself

      • setup.exe (PID: 7804)
      • setup.exe (PID: 8064)
      • assistant_installer.exe (PID: 7216)
      • installer.exe (PID: 5400)
      • assistant_installer.exe (PID: 2664)
      • assistant_installer.exe (PID: 6048)
      • browser_assistant.exe (PID: 7276)
      • opera.exe (PID: 7224)
      • installer.exe (PID: 8672)
      • opera_autoupdate.exe (PID: 4608)
      • opera_autoupdate.exe (PID: 7200)
      • setup.exe (PID: 3956)
      • opera.exe (PID: 8876)
      • setup.exe (PID: 9484)
      • assistant_installer.exe (PID: 10236)
    • Starts itself from another location

      • setup.exe (PID: 7804)
      • setup.exe (PID: 3956)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 7804)
      • setup.exe (PID: 7892)
      • setup.exe (PID: 8064)
      • setup.exe (PID: 8116)
    • Process drops legitimate windows executable

      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 2600)
      • assistant_installer.exe (PID: 2664)
      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 10116)
    • Creates a software uninstall entry

      • installer.exe (PID: 5400)
    • Searches for installed software

      • installer.exe (PID: 5400)
      • browser_assistant.exe (PID: 7276)
    • Reads the date of Windows installation

      • installer.exe (PID: 5400)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 7200)
  • INFO

    • Checks proxy server information

      • OperaInstaller.exe (PID: 7444)
      • setup.exe (PID: 7804)
      • opera.exe (PID: 7224)
      • browser_assistant.exe (PID: 7276)
    • Reads the computer name

      • OperaInstaller.exe (PID: 7444)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8064)
      • assistant_installer.exe (PID: 7216)
      • installer.exe (PID: 5400)
      • assistant_installer.exe (PID: 2664)
      • assistant_installer.exe (PID: 6048)
      • opera.exe (PID: 7224)
      • browser_assistant.exe (PID: 7276)
      • opera.exe (PID: 7452)
      • opera.exe (PID: 7456)
      • opera.exe (PID: 8316)
      • opera.exe (PID: 8324)
      • opera.exe (PID: 8332)
      • opera.exe (PID: 8576)
      • opera.exe (PID: 8876)
      • opera.exe (PID: 8748)
    • Creates files or folders in the user directory

      • OperaInstaller.exe (PID: 7444)
      • setup.exe (PID: 7892)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8064)
      • installer.exe (PID: 5400)
      • assistant_installer.exe (PID: 2664)
      • opera.exe (PID: 7224)
      • browser_assistant.exe (PID: 7276)
    • Reads the software policy settings

      • OperaInstaller.exe (PID: 7444)
      • setup.exe (PID: 7804)
      • installer.exe (PID: 5400)
    • Reads the machine GUID from the registry

      • OperaInstaller.exe (PID: 7444)
      • setup.exe (PID: 7804)
      • installer.exe (PID: 5400)
      • opera.exe (PID: 7224)
    • Create files in a temporary directory

      • OperaInstaller.exe (PID: 7444)
      • OpInst.exe (PID: 7740)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 7892)
      • setup.exe (PID: 8064)
      • setup.exe (PID: 8008)
      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 2600)
      • installer.exe (PID: 5400)
      • installer.exe (PID: 208)
      • setup.exe (PID: 8116)
      • opera.exe (PID: 7224)
    • Checks supported languages

      • OperaInstaller.exe (PID: 7444)
      • OpInst.exe (PID: 7740)
      • setup.exe (PID: 7892)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8008)
      • setup.exe (PID: 8116)
      • setup.exe (PID: 8064)
      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 2600)
      • assistant_installer.exe (PID: 7216)
      • assistant_installer.exe (PID: 6272)
      • installer.exe (PID: 5400)
      • installer.exe (PID: 208)
      • assistant_installer.exe (PID: 3156)
      • assistant_installer.exe (PID: 6048)
      • assistant_installer.exe (PID: 2664)
      • assistant_installer.exe (PID: 7228)
      • opera.exe (PID: 7456)
      • opera_crashreporter.exe (PID: 7820)
      • browser_assistant.exe (PID: 3032)
      • opera_crashreporter.exe (PID: 8204)
      • opera_crashreporter.exe (PID: 7244)
      • opera.exe (PID: 7452)
      • opera.exe (PID: 8332)
      • opera.exe (PID: 8316)
      • opera_crashreporter.exe (PID: 8368)
      • opera.exe (PID: 8324)
      • opera.exe (PID: 7224)
      • opera_crashreporter.exe (PID: 8624)
      • opera.exe (PID: 8420)
      • opera.exe (PID: 8576)
      • browser_assistant.exe (PID: 7276)
      • opera_crashreporter.exe (PID: 8768)
      • opera.exe (PID: 8876)
      • opera_crashreporter.exe (PID: 8908)
      • opera.exe (PID: 8748)
    • Process checks computer location settings

      • OperaInstaller.exe (PID: 7444)
      • opera.exe (PID: 7224)
    • The sample compiled with english language support

      • OpInst.exe (PID: 7740)
      • setup.exe (PID: 7892)
      • setup.exe (PID: 8064)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8116)
      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 2600)
      • installer.exe (PID: 208)
      • installer.exe (PID: 5400)
      • assistant_installer.exe (PID: 2664)
      • setup.exe (PID: 8008)
      • installer.exe (PID: 8688)
      • opera_autoupdate.exe (PID: 7200)
      • installer.exe (PID: 3992)
      • OpInst.exe (PID: 472)
      • installer.exe (PID: 8672)
      • setup.exe (PID: 9292)
      • setup.exe (PID: 9412)
      • setup.exe (PID: 9484)
      • setup.exe (PID: 9544)
      • opera.exe (PID: 9744)
      • Assistant_118.0.5461.41_Setup.exe_sfx.exe (PID: 10116)
      • setup.exe (PID: 3956)
      • opera.exe (PID: 9512)
    • Application launched itself

      • firefox.exe (PID: 6660)
      • firefox.exe (PID: 6252)
    • Manual execution by a user

      • firefox.exe (PID: 6660)
      • assistant_installer.exe (PID: 6048)
    • OPERA mutex has been found

      • opera.exe (PID: 7224)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:11 00:41:00+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.41
CodeSize: 87040
InitializedDataSize: 74240
UninitializedDataSize: -
EntryPoint: 0x4757
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 312
Monitored processes: 177
Malicious processes: 31
Suspicious processes: 2

Behavior graph

[Behavior graph image not preserved. Processes shown, in order of first appearance: operainstaller.exe, sppextcomobj.exe, slui.exe, opinst.exe, setup.exe, firefox.exe, assistant_118.0.5461.41_setup.exe_sfx.exe, assistant_installer.exe, installer.exe, UIAutomationCrossBitnessHook32 Class, browser_assistant.exe, opera.exe, opera_crashreporter.exe, unsecapp.exe, opera_gx_splash.exe, opera_autoupdate.exe, svchost.exe.]

Process information

PID
CMD
Path
Indicators
Parent process
208
C:\Users\admin\AppData\Local\Programs\Opera\118.0.5461.60\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=118.0.5461.60 --initial-client-data=0x298,0x29c,0x2a0,0x25c,0x2a4,0x7ffc8594d908,0x7ffc8594d914,0x7ffc8594d920
C:\Users\admin\AppData\Local\Programs\Opera\118.0.5461.60\installer.exe
installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Exit code:
0
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\118.0.5461.60\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
472
"C:\Users\admin\AppData\Local\Temp\OpInst.exe" /allusers=0 /silent
C:\Users\admin\AppData\Local\Temp\OpInst.exe
OperaInstaller.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Exit code:
128
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\temp\opinst.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
496
C:\Users\admin\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Default" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Default\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Default\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=118.0.5461.60 --initial-client-data=0x250,0x254,0x258,0x20c,0x25c,0x7ff77ca2b3a8,0x7ff77ca2b3b4,0x7ff77ca2b3c0
C:\Users\admin\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe
opera_autoupdate.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera auto-updater
Exit code:
0
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\autoupdate\opera_autoupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
896"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=7576,i,12306946449926048856,1246474629289586708,262144 
--disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:1
C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\118.0.5461.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
968"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8692,i,12306946449926048856,1246474629289586708,262144 
--disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=8392 /prefetch:1
C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Exit code:
0
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\118.0.5461.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1004"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --field-trial-handle=9488,i,12306946449926048856,1246474629289586708,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version 
--mojo-platform-channel-handle=7120 /prefetch:8
C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Exit code:
0
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\118.0.5461.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1096"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --field-trial-handle=3056,i,12306946449926048856,1246474629289586708,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version 
--mojo-platform-channel-handle=3280 /prefetch:8
C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Exit code:
0
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\118.0.5461.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1348
"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=8676,i,12306946449926048856,1246474629289586708,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7564 /prefetch:2
C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\118.0.5461.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1532
"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --field-trial-handle=7544,i,12306946449926048856,1246474629289586708,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Exit code:
0
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1660
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2740 -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2780 -prefsLen 31447 -prefMapSize 244583 -jsInitHandle 1436 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad2eb55d-9956-4ee0-97fd-de1a511dea2d} 6252 "\\.\pipe\gecko-crash-server-pipe.6252" 2922fe97f50 tab
C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll
Total events
60 185
Read events
59 035
Write events
1 127
Delete events
23

Modification events

(PID) Process: (7444) OperaInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7444) OperaInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7444) OperaInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (8064) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera\

(PID) Process: (7804) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7804) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7804) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6252) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (5400) installer.exe
Key: HKEY_CLASSES_ROOT\OperaStable
Operation: write
Name: URL Protocol
Value:

(PID) Process: (5400) installer.exe
Key: HKEY_CLASSES_ROOT\.opdownload\OpenWithProgIDs
Operation: write
Name: OperaStable
Value:

Executable files
67
Suspicious files
1 122
Text files
576
Unknown types
0

Dropped files

PID
Process
Filename
Type
7444
OperaInstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
binary
MD5:7BB7B0D9E0AA062A2A35582EBC4A58E1
SHA256:C644ADFA13A52F43BC7FF47928A2FF5FD01CBA001C264D524BF4F065C5235C9C
7444
OperaInstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
binary
MD5:4A90329071AE30B759D279CCA342B0A6
SHA256:4F544379EDA8E2653F71472AB968AEFD6B5D1F4B3CE28A5EDB14196184ED3B60
7444
OperaInstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
binary
MD5:1FBB37F79B317A9A248E7C4CE4F5BAC5
SHA256:9BF639C595FE335B6F694EE35990BEFD2123F5E07FD1973FF619E3FC88F5F49F
7444
OperaInstaller.exe
C:\Users\admin\AppData\Local\Temp\bg.png
image
MD5:21EB6B8232802F32B6483EEDB96677BB
SHA256:1464A14A35131D5BD81B618A169401EBA231DAF63A78B18BE3C431EA514ED122
8008
setup.exe
C:\Users\admin\AppData\Local\Temp\Opera_installer_2504262048267358008.dll
executable
MD5:55CEC3336E5ED25B591AE49FB363A94C
SHA256:CF3D6B4A391325A017E5E5677CC2B3F7025B492FE61CAD3DBBC1C17896D07006
7804
setup.exe
C:\Users\admin\AppData\Local\Temp\Opera_installer_2504262048257047804.dll
executable
MD5:55CEC3336E5ED25B591AE49FB363A94C
SHA256:CF3D6B4A391325A017E5E5677CC2B3F7025B492FE61CAD3DBBC1C17896D07006
6252
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
7804
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5
binary
MD5:3E9FBEEECE9E97EAAA154BD520B74050
SHA256:3CB5BAC8253E19A9CDBD034AE26F3A0948E914424B375D9638C4084FFD6F1E55
7444
OperaInstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
binary
MD5:6483A1D77DB78CF4856E94A98A7692CA
SHA256:C4409F89A4E2269ECC7B06F9F1A3C34D4FC14FC94C42A17786CB75D7202D24A5
7804
setup.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5
binary
MD5:65A362E3516D513F4295B72C9265901E
SHA256:F8222B97C67F57F34EFA85DE22B2540D5E2059B9329A8BC4A05D81B8FD36EAC9
HTTP(S) requests
67
TCP/UDP connections
337
DNS requests
329
Threats
168

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.215.121.133:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
93.186.134.81:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
93.186.134.81:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7444
OperaInstaller.exe
GET
200
172.217.16.195:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
7444
OperaInstaller.exe
GET
200
172.217.16.195:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
7444
OperaInstaller.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
6544
svchost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7804
setup.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D
unknown
whitelisted
7804
setup.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D
unknown
whitelisted
6252
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
93.186.134.81:80
crl.microsoft.com
TELECOM ITALIA SPARKLE S.p.A.
IT
whitelisted
5496
MoUsoCoreWorker.exe
93.186.134.81:80
crl.microsoft.com
TELECOM ITALIA SPARKLE S.p.A.
IT
whitelisted
23.215.121.133:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7444
OperaInstaller.exe
104.26.10.119:443
opera-download.work.ink
CLOUDFLARENET
US
suspicious
7444
OperaInstaller.exe
172.217.16.195:80
c.pki.goog
GOOGLE
US
whitelisted
4
System
192.168.100.255:138
whitelisted
7444
OperaInstaller.exe
104.26.11.119:443
opera-download.work.ink
CLOUDFLARENET
US
suspicious

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 93.186.134.81
  • 2.18.31.10
whitelisted
google.com
  • 142.250.184.238
whitelisted
www.microsoft.com
  • 23.215.121.133
  • 23.38.73.129
whitelisted
opera-download.work.ink
  • 104.26.10.119
  • 104.26.11.119
  • 172.67.69.160
unknown
c.pki.goog
  • 172.217.16.195
whitelisted
work.ink
  • 104.26.11.119
  • 172.67.69.160
  • 104.26.10.119
unknown
net.geo.opera.com
  • 185.26.182.112
  • 185.26.182.111
whitelisted
ocsp.digicert.com
  • 23.63.118.230
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
9116
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info