File name: OperaSetup.exe

Full analysis: https://app.any.run/tasks/548efc9e-3fb0-4c93-bb3d-adc9776a1233
Verdict: Malicious activity
Threats:

Stealers are a class of malware built to gain unauthorized access to a user's information and transfer it to the attacker. The category covers programs that each target a particular kind of data, such as files, passwords, or cryptocurrency. Stealers can also spy on their targets by logging keystrokes and taking screenshots. This type of malware is distributed mainly through phishing campaigns.

Analysis date: February 24, 2025, 16:09:41
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 48C139E2FDF0553C22262D52B7292548
SHA1: E1028F2C990C3B90886B4D3A2BD10B75CE5C8E4A
SHA256: 5BBA243FC9DDEE39BA58B6934D962E07CA95B38DBC745F85A8697A91B64EB8F5
SSDEEP: 98304:ewyWSeMgtcJqde5aoa1n58efCOhqxYtCVRI+5wy1jfPvqze6i6s8wG9jEPZA7fmC:e+gU

ANY.RUN is an interactive service that gives full access to the guest system. The information in this report may have been influenced by user actions and is provided as is, for the user's awareness. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • setup.exe (PID: 6456)
      • setup.exe (PID: 6480)
      • setup.exe (PID: 3952)
      • setup.exe (PID: 6368)
      • installer.exe (PID: 4764)
      • assistant_installer.exe (PID: 3524)
    • Actions looks like stealing of personal data

      • setup.exe (PID: 6456)
      • setup.exe (PID: 6480)
      • setup.exe (PID: 6368)
      • setup.exe (PID: 3952)
      • installer.exe (PID: 4764)
      • assistant_installer.exe (PID: 5592)
      • assistant_installer.exe (PID: 3524)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaSetup.exe (PID: 6424)
      • setup.exe (PID: 6480)
      • setup.exe (PID: 6456)
      • setup.exe (PID: 6560)
      • setup.exe (PID: 3952)
      • setup.exe (PID: 6368)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 3988)
      • installer.exe (PID: 4764)
      • assistant_installer.exe (PID: 6712)
      • installer.exe (PID: 5256)
    • Application launched itself

      • setup.exe (PID: 6456)
      • setup.exe (PID: 6368)
      • installer.exe (PID: 5256)
      • assistant_installer.exe (PID: 6712)
      • assistant_installer.exe (PID: 5592)
      • assistant_installer.exe (PID: 5340)
    • Starts itself from another location

      • setup.exe (PID: 6456)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 6456)
      • setup.exe (PID: 6480)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6456)
    • Checks Windows Trust Settings

      • setup.exe (PID: 6456)
    • Process drops legitimate windows executable

      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 3988)
      • assistant_installer.exe (PID: 6712)
  • INFO

    • Create files in a temporary directory

      • OperaSetup.exe (PID: 6424)
      • setup.exe (PID: 6480)
      • setup.exe (PID: 6456)
      • setup.exe (PID: 3952)
      • setup.exe (PID: 6368)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 3988)
    • Checks supported languages

      • OperaSetup.exe (PID: 6424)
      • setup.exe (PID: 6480)
      • setup.exe (PID: 6456)
      • setup.exe (PID: 6560)
      • setup.exe (PID: 3952)
      • setup.exe (PID: 6368)
    • The sample compiled with english language support

      • OperaSetup.exe (PID: 6424)
      • setup.exe (PID: 6480)
      • setup.exe (PID: 6368)
      • setup.exe (PID: 6560)
      • setup.exe (PID: 3952)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 3988)
      • installer.exe (PID: 5256)
      • installer.exe (PID: 4764)
      • assistant_installer.exe (PID: 6712)
      • setup.exe (PID: 6456)
    • Reads the computer name

      • setup.exe (PID: 6456)
    • Creates files or folders in the user directory

      • setup.exe (PID: 6456)
      • setup.exe (PID: 6480)
      • setup.exe (PID: 6368)
    • Checks proxy server information

      • setup.exe (PID: 6456)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6456)
    • Reads the software policy settings

      • setup.exe (PID: 6456)
    • Manual execution by a user

      • assistant_installer.exe (PID: 5340)
Signature artifacts and their mapping to the MITRE ATT&CK matrix are available in the full report.
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:58:14+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 113152
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 117.0.5408.35
ProductVersionNumber: 117.0.5408.35
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 117.0.5408.35
ProductVersion: 117.0.5408.35
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
All screenshots are available in the full report.
Total processes: 145
Monitored processes: 19
Malicious processes: 9
Suspicious processes: 1

Behavior graph

Graph nodes, in order from the start node (entries marked "no specs" have no process details in the export): operasetup.exe; setup.exe; setup.exe; setup.exe; setup.exe; setup.exe; assistant_117.0.5408.35_setup.exe_sfx.exe; assistant_installer.exe; assistant_installer.exe; installer.exe; installer.exe; UIAutomationCrossBitnessHook32 Class (no specs); assistant_installer.exe; assistant_installer.exe (no specs); assistant_installer.exe; assistant_installer.exe (no specs); browser_assistant.exe (no specs); opera.exe (no specs); opera.exe (no specs)

Process information

Each entry lists PID, command line (CMD), image path, indicators and parent process, followed by the process details and the loaded modules as listed in the export.
PID: 640
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --stream
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: browser_assistant.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Internet Browser
Version: 117.0.5408.39
Modules (images):
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3524
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.35 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0xf63d24,0xf63d30,0xf63d3c
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\assistant_installer.exe
Parent process: assistant_installer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Browser Assistant Installer
Exit code: 0
Version: 117.0.5408.35
Modules (images):
c:\users\admin\appdata\local\temp\.opera\opera installer temp\opera_package_202502241609501\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3952
CMD: C:\Users\admin\AppData\Local\Temp\7zS819A4003\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.35 --initial-client-data=0x344,0x348,0x34c,0x31c,0x350,0x729170f4,0x72917100,0x7291710c
Path: C:\Users\admin\AppData\Local\Temp\7zS819A4003\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Installer
Version: 117.0.5408.35
Modules (images):
c:\users\admin\appdata\local\temp\7zs819a4003\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 3988
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\Assistant_117.0.5408.35_Setup.exe_sfx.exe"
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\Assistant_117.0.5408.35_Setup.exe_sfx.exe
Parent process: setup.exe
User: admin
Integrity Level: MEDIUM
Description: Opera installer SFX
Exit code: 0
Version: 117.0.5408.35
Modules (images):
c:\users\admin\appdata\local\temp\.opera\opera installer temp\opera_package_202502241609501\assistant\assistant_117.0.5408.35_setup.exe_sfx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4528
CMD: C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
Path: C:\Windows\SysWOW64\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ucrtbase.dll
PID: 4536
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --ran-launcher --install-extension="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\be76331b95dfc399cd776d2fc68021e0db03cc4f.crx"
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: installer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Internet Browser
Version: 117.0.5408.39
Modules (images):
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4764
CMD: C:\Users\admin\AppData\Local\Programs\Opera\117.0.5408.39\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.39 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x7ff8215ac3d8,0x7ff8215ac3e4,0x7ff8215ac3f0
Path: C:\Users\admin\AppData\Local\Programs\Opera\117.0.5408.39\installer.exe
Parent process: installer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Installer
Version: 117.0.5408.39
Modules (images):
c:\users\admin\appdata\local\programs\opera\117.0.5408.39\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 5256
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\117.0.5408.39\installer.exe" --backend --initial-pid=6456 --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501" --session-guid=ee8322d3-b55d-4712-932c-bff75c99b7ce --server-tracking-blob="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 " --desktopshortcut=1 --install-subfolder=117.0.5408.39
Path: C:\Users\admin\AppData\Local\Programs\Opera\117.0.5408.39\installer.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Installer
Version: 117.0.5408.39
Modules (images):
c:\users\admin\appdata\local\programs\opera\117.0.5408.39\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 5340
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
Path: C:\Users\admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
Parent process: explorer.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Browser Assistant Installer
Exit code: 0
Version: 117.0.5408.35
Modules (images):
c:\users\admin\appdata\local\programs\opera\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5592
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\assistant_installer.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\assistant_installer.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Browser Assistant Installer
Exit code: 0
Version: 117.0.5408.35
Modules (images):
c:\users\admin\appdata\local\temp\.opera\opera installer temp\opera_package_202502241609501\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 8 851
Read events: 8 782
Write events: 65
Delete events: 4

Modification events

Process | Operation | Key | Name = Value
6456 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix = (empty)
6456 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix = Cookie:
6456 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix = Visited:
6368 setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Opera Software | Last Stable Install Path = C:\Users\admin\AppData\Local\Programs\Opera\
5256 installer.exe | write | HKEY_CLASSES_ROOT\.shtml\OpenWithProgIDs | OperaStable = (empty)
5256 installer.exe | write | HKEY_CLASSES_ROOT\.xht\OpenWithProgIDs | OperaStable = (empty)
5256 installer.exe | write | HKEY_CLASSES_ROOT\.xhtml\OpenWithProgIDs | OperaStable = (empty)
5256 installer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\opera.exe | Path = "C:\Users\admin\AppData\Local\Programs\Opera"
5256 installer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted | C:\Users\admin\AppData\Local\Programs\Opera\opera.exe = 32
5256 installer.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband | FavoritesResolve = 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
Executable files: 23
Suspicious files: 42
Text files: 32
Unknown types: 1

Dropped files

PID Process | Filename | Type
6456 setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\Opera_117.0.5408.39_Autoupdate_x64[1].exe | (type not listed)
  MD5: (not listed)
  SHA256: (not listed)
6456 setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\opera_package | (type not listed)
  MD5: (not listed)
  SHA256: (not listed)
6480 setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2502241609502586480.dll | executable
  MD5: 5C66D96605693EFA042794DEA65755BC
  SHA256: 1799D9EB2D3629DCF180574928EF8409B67909BC4833B38B7F30994BACB5117B
6456 setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | executable
  MD5: 3731F55225C035F864A16A4D11072534
  SHA256: 9EADB7E5B0DD86FBC94B8343AA2DC9D09A5CCB79736CD04C99850147595ACE9E
6456 setup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat | binary
  MD5: ACB9DDCC018FA083F6D7A5FE7C676BB5
  SHA256: 464EA1ADB3D21FB0DD094F4C02C47E96BFEFA044315FD31FB973A4D0DA7716F1
6456 setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary
  MD5: 481AB8E57F3EFCE41FE127A00C7C6C4D
  SHA256: 0FC3ED33373F4656886F3D1B87429D92A461D066EE30F53A2E55768E7293BC7B
6456 setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5 | binary
  MD5: D78B2AEF1B49C273B7C69866E2915E70
  SHA256: 16D65E1CF727EC2840A8A2F4DB2A8EFCBB572B0136B09AB4D9431829DE8E3335
6424 OperaSetup.exe | C:\Users\admin\AppData\Local\Temp\7zS819A4003\setup.exe | executable
  MD5: 3731F55225C035F864A16A4D11072534
  SHA256: 9EADB7E5B0DD86FBC94B8343AA2DC9D09A5CCB79736CD04C99850147595ACE9E
6456 setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8 | binary
  MD5: 11C5BD694BA64BFB68BD46F55563659A
  SHA256: A09C306A350A47207156E933C93E57FFB10CF7E86AAE3581C846B22C816922EA
6456 setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5 | binary
  MD5: B3C093CDB826AD8282359ED5925F6C4C
  SHA256: EFF01D5149E1D42B4CC8BEF6AC96DDAF77053F8F4A9580C266F934C0D30D0E3F
The PCAP, network streams, HTTP content and more are available in the full report.
HTTP(S) requests: 17
TCP/UDP connections: 46
DNS requests: 29
Threats: 0

HTTP requests

PID | Process | Method | Code | IP | URL | CN | Reputation
(Rows marked "-" carry no PID or process name in the export; the Type and Size columns are empty for every row.)
6456 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAkd76%2BHl%2BdEje5x5DkdF8w%3D | unknown | whitelisted
- | - | GET | 200 | 23.48.23.166:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6456 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
6456 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D | unknown | whitelisted
6456 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D | unknown | whitelisted
1744 | SIHClient.exe | GET | 200 | 104.119.109.218:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6456 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
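The six ocsp.digicert.com requests above, all from setup.exe (PID 6456), sit alongside CRL fetches from crl.microsoft.com and www.microsoft.com. OCSP and CRL fetches to DigiCert and Microsoft endpoints are what Windows certificate chain validation produces when a signed binary is verified (WinVerifyTrust, which is also what the "Checks Windows Trust Settings" indicator reflects); they say nothing on their own about what the signed file does. Each OCSP GET carries a base64-encoded, URL-escaped DER OCSPRequest in the URL path (RFC 6960, Appendix A), so the request URLs can be decoded offline to recover the CertID of each certificate whose revocation status was checked. The decoder below is an added example written for this page; it is not part of the ANY.RUN report and not Opera's or ANY.RUN's code. It is a minimal DER walker that assumes the plain GET form shown in the report (one request, no version, requestorName, signature or extensions) and takes the six setup.exe URLs verbatim from the table; the svchost.exe request (PID 1176) is left out because it did not come from the sample's process tree.

```python
# Added example, not part of the ANY.RUN report: decode the OCSP GET URLs
# that setup.exe (PID 6456) sent to ocsp.digicert.com and print the CertID
# (hash algorithm, issuer name hash, issuer key hash, serial) in each one.
# Minimal DER walker; assumes the single-request GET form with no optional
# fields, which is the shape every URL in the report has.
import base64
from urllib.parse import unquote, urlparse

# URLs copied verbatim from the report's HTTP requests table (PID 6456).
OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAkd76%2BHl%2BdEje5x5DkdF8w%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D",
]

# Hash algorithm OIDs that appear in CertID.hashAlgorithm.
OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(buf):
    """Yield (tag, value) for every TLV inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, val, pos = _tlv(buf, pos)
        yield tag, val


def _oid(raw):
    """Decode a DER OBJECT IDENTIFIER body into dotted form."""
    parts = [str(raw[0] // 40), str(raw[0] % 40)]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def parse_ocsp_get_url(url):
    """Return the CertID fields of a single-request OCSP GET URL."""
    # Path is base64(DER OCSPRequest), percent-escaped for '+', '/' and '='.
    der = base64.b64decode(unquote(urlparse(url).path.lstrip("/")))
    tag, ocsp_request, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    # OCSPRequest { tbsRequest SEQUENCE, optionalSignature [0] ... }
    tbs = next(v for t, v in _children(ocsp_request) if t == 0x30)
    # TBSRequest { [0] version, [1] requestorName, requestList SEQUENCE OF Request }
    request_list = next(v for t, v in _children(tbs) if t == 0x30)
    request = next(_children(request_list))[1]      # first (only) Request
    cert_id = next(_children(request))[1]           # reqCert CertID
    alg, name_hash, key_hash, serial = [v for _, v in _children(cert_id)]
    alg_oid = _oid(next(_children(alg))[1])         # AlgorithmIdentifier.algorithm
    return {
        "hash_alg": OIDS.get(alg_oid, alg_oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": serial.hex(),
    }


def decode_report_ocsp_requests(urls=OCSP_URLS):
    """Decode every OCSP URL the report attributes to setup.exe."""
    return [parse_ocsp_get_url(u) for u in urls]


if __name__ == "__main__":
    for rec in decode_report_ocsp_requests():
        print(rec)
```

Two of the six URLs share their issuer name hash and issuer key hash and differ only in the serial, i.e. two certificates issued by the same CA were checked; the other four name different issuers, which is the pattern of a full chain (leaf, intermediates, timestamping chain) being validated. To tie a decoded serial to a concrete file, compare it against the signer chain of the binaries the report lists (for example `Get-AuthenticodeSignature` on the dropped setup.exe in PowerShell) rather than inferring the subject from the hash values alone.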

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
(Rows marked "-" carry no PID or process name in the export; "-" in other columns means the export left that cell empty.)
- | - | 104.126.37.162:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 23.48.23.166:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
440 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6456 | setup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | whitelisted
6456 | setup.exe | 185.26.182.123:443 | autoupdate.opera.com | Opera Software AS | - | whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 104.126.37.162
  • 104.126.37.160
  • 104.126.37.161
  • 104.126.37.144
  • 104.126.37.170
  • 104.126.37.147
  • 104.126.37.154
  • 104.126.37.163
  • 104.126.37.153
whitelisted
google.com
  • 172.217.16.206
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 184.30.131.245
whitelisted
crl.microsoft.com
  • 23.48.23.166
  • 23.48.23.177
  • 23.48.23.147
  • 23.48.23.164
  • 23.48.23.150
  • 23.48.23.190
  • 23.48.23.162
  • 23.48.23.176
  • 23.48.23.183
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 104.119.109.218
whitelisted
autoupdate.opera.com
  • 185.26.182.123
  • 185.26.182.124
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
features.opera-api2.com
  • 82.145.216.15
  • 82.145.216.16
malicious
download.opera.com
  • 82.145.216.49
  • 82.145.216.24
  • 82.145.216.48
  • 82.145.216.23
whitelisted
download5.operacdn.com
  • 104.18.11.89
  • 104.18.10.89
malicious

Threats

No threats detected
Process | Message
assistant_installer.exe | [0224/161021.916:INFO:assistant_installer_main.cc(168)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\assistant_installer.exe" --version
assistant_installer.exe | [0224/161048.874:INFO:assistant_installer_main.cc(168)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502241609501\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
assistant_installer.exe | [0224/161049.041:INFO:assistant_installer.cc(306)] Setting up the registry
assistant_installer.exe | [0224/161049.261:INFO:assistant_installer.cc(357)] Creating scheduled task
assistant_installer.exe | [0224/161049.338:INFO:assistant_installer_main.cc(168)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
assistant_installer.exe | [0224/161049.338:INFO:assistant_installer.cc(265)] Running Assistant