File name:

OperaGXSetup (1).exe

Full analysis: https://app.any.run/tasks/812bec88-92df-4f45-bb98-1ee6cd9d3cb4
Verdict: Malicious activity
Threats:

Stealers are a category of malware designed to gain unauthorized access to users' information and transfer it to the attacker. The category includes various programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: September 14, 2024, 04:35:21
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

5F77CF95D830F730D7FFA0886B3CBB92

SHA1:

596A6AFA3883489BF63014FC8705DB39B03A725A

SHA256:

6631EEBADF234A21304E3DC64E46789ECAA87F9484630F3DDC56A036D565E0B3

SSDEEP:

98304:dwyWSeMgtwZmKvdiCw0nITVNVYGHGmmmHuWyjB7AhrDFQCV/tkT2Yma+xzMOG5nM:d58Q6jP

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • opera.exe (PID: 1280)
    • Actions looks like stealing of personal data

      • opera.exe (PID: 1280)
    • Steals credentials from Web Browsers

      • opera.exe (PID: 1280)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaGXSetup (1).exe (PID: 780)
      • setup.exe (PID: 6444)
      • setup.exe (PID: 32)
      • setup.exe (PID: 2892)
      • setup.exe (PID: 6204)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 876)
      • installer.exe (PID: 4080)
      • installer.exe (PID: 2684)
      • setup.exe (PID: 5220)
      • installer.exe (PID: 1184)
      • installer.exe (PID: 6424)
      • opera_autoupdate.exe (PID: 3176)
      • installer.exe (PID: 7704)
    • Starts itself from another location

      • setup.exe (PID: 5220)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 5220)
      • installer.exe (PID: 2684)
      • opera.exe (PID: 7436)
    • Checks Windows Trust Settings

      • setup.exe (PID: 5220)
    • Application launched itself

      • setup.exe (PID: 6204)
      • assistant_installer.exe (PID: 4820)
      • installer.exe (PID: 2684)
      • opera.exe (PID: 1280)
      • setup.exe (PID: 5220)
      • opera_autoupdate.exe (PID: 3176)
      • opera_autoupdate.exe (PID: 2568)
      • installer.exe (PID: 1184)
    • Creates a software uninstall entry

      • installer.exe (PID: 2684)
    • Searches for installed software

      • installer.exe (PID: 2684)
    • Reads the date of Windows installation

      • installer.exe (PID: 2684)
      • opera.exe (PID: 1280)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 3176)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 1280)
  • INFO

    • Create files in a temporary directory

      • OperaGXSetup (1).exe (PID: 780)
      • setup.exe (PID: 6444)
      • setup.exe (PID: 32)
      • setup.exe (PID: 2892)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 876)
      • setup.exe (PID: 6204)
      • installer.exe (PID: 4080)
      • installer.exe (PID: 2684)
      • opera.exe (PID: 1280)
      • setup.exe (PID: 5220)
      • installer.exe (PID: 1184)
      • installer.exe (PID: 6424)
      • opera_autoupdate.exe (PID: 3176)
      • installer.exe (PID: 7704)
    • Checks supported languages

      • OperaGXSetup (1).exe (PID: 780)
      • setup.exe (PID: 6444)
      • setup.exe (PID: 32)
      • setup.exe (PID: 6204)
      • setup.exe (PID: 2892)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 876)
      • assistant_installer.exe (PID: 4820)
      • assistant_installer.exe (PID: 3028)
      • installer.exe (PID: 2684)
      • installer.exe (PID: 4080)
      • opera_crashreporter.exe (PID: 5244)
      • opera.exe (PID: 3832)
      • opera.exe (PID: 6656)
      • opera.exe (PID: 964)
      • opera.exe (PID: 5900)
      • opera.exe (PID: 5988)
      • opera.exe (PID: 1280)
      • opera.exe (PID: 7036)
      • opera.exe (PID: 5064)
      • opera_gx_splash.exe (PID: 6784)
      • opera.exe (PID: 4024)
      • opera.exe (PID: 5172)
      • opera.exe (PID: 1840)
      • opera.exe (PID: 6356)
      • opera.exe (PID: 6888)
      • opera.exe (PID: 2520)
      • opera.exe (PID: 3028)
      • opera.exe (PID: 2992)
      • opera.exe (PID: 1104)
      • opera.exe (PID: 752)
      • opera.exe (PID: 4128)
      • opera.exe (PID: 2148)
      • opera.exe (PID: 4060)
      • opera.exe (PID: 3268)
      • opera.exe (PID: 6580)
      • opera.exe (PID: 4080)
      • setup.exe (PID: 5220)
      • opera.exe (PID: 6552)
      • opera.exe (PID: 7036)
      • opera.exe (PID: 740)
      • opera.exe (PID: 1108)
      • opera.exe (PID: 6864)
      • opera.exe (PID: 936)
      • opera.exe (PID: 5344)
      • opera.exe (PID: 6976)
      • opera.exe (PID: 7004)
      • opera.exe (PID: 5140)
      • opera.exe (PID: 3964)
      • opera.exe (PID: 7024)
      • opera.exe (PID: 6608)
      • opera.exe (PID: 4060)
      • opera.exe (PID: 7004)
      • opera.exe (PID: 752)
      • opera.exe (PID: 788)
      • installer.exe (PID: 1184)
      • opera.exe (PID: 1020)
      • opera.exe (PID: 3036)
      • opera.exe (PID: 3140)
      • opera.exe (PID: 6976)
      • opera.exe (PID: 6792)
      • opera.exe (PID: 6996)
      • opera.exe (PID: 4760)
      • opera_autoupdate.exe (PID: 3176)
      • opera_autoupdate.exe (PID: 2568)
      • opera_autoupdate.exe (PID: 2032)
      • opera_autoupdate.exe (PID: 7004)
      • installer.exe (PID: 6424)
      • opera.exe (PID: 7204)
      • opera.exe (PID: 7248)
      • opera.exe (PID: 7264)
      • opera.exe (PID: 7436)
      • opera.exe (PID: 5484)
      • opera.exe (PID: 7592)
      • opera.exe (PID: 7636)
      • installer.exe (PID: 7704)
      • opera.exe (PID: 7872)
      • opera.exe (PID: 7740)
      • opera.exe (PID: 7776)
      • opera.exe (PID: 7816)
      • opera.exe (PID: 7916)
      • opera.exe (PID: 7516)
      • opera.exe (PID: 7552)
      • opera.exe (PID: 3696)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 8064)
      • opera.exe (PID: 8076)
      • opera.exe (PID: 8140)
      • opera.exe (PID: 7332)
      • opera.exe (PID: 2056)
      • opera.exe (PID: 4604)
      • opera.exe (PID: 4276)
      • opera.exe (PID: 7448)
      • opera.exe (PID: 7004)
      • opera.exe (PID: 7472)
      • opera.exe (PID: 7988)
      • opera.exe (PID: 7188)
      • opera.exe (PID: 8180)
      • opera.exe (PID: 4996)
      • opera.exe (PID: 5888)
      • opera.exe (PID: 7788)
      • opera.exe (PID: 6968)
      • opera.exe (PID: 7856)
      • opera.exe (PID: 7580)
      • opera.exe (PID: 7544)
    • Reads the computer name

      • setup.exe (PID: 5220)
      • setup.exe (PID: 6204)
      • assistant_installer.exe (PID: 4820)
      • installer.exe (PID: 2684)
      • opera.exe (PID: 1280)
      • opera.exe (PID: 6656)
      • opera.exe (PID: 3832)
      • opera_gx_splash.exe (PID: 6784)
      • opera.exe (PID: 3028)
      • opera.exe (PID: 4128)
      • opera_autoupdate.exe (PID: 3176)
      • opera_autoupdate.exe (PID: 2568)
      • installer.exe (PID: 1184)
      • opera.exe (PID: 7436)
    • Creates files or folders in the user directory

      • setup.exe (PID: 6444)
      • setup.exe (PID: 5220)
      • setup.exe (PID: 6204)
      • installer.exe (PID: 2684)
      • opera.exe (PID: 1280)
      • opera.exe (PID: 6656)
      • opera.exe (PID: 7436)
      • opera_autoupdate.exe (PID: 3176)
    • Checks proxy server information

      • setup.exe (PID: 5220)
      • opera.exe (PID: 1280)
      • opera_autoupdate.exe (PID: 2568)
      • opera.exe (PID: 7436)
      • opera_autoupdate.exe (PID: 3176)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 5220)
      • opera.exe (PID: 1280)
      • opera_autoupdate.exe (PID: 3176)
      • opera_autoupdate.exe (PID: 2032)
      • opera_autoupdate.exe (PID: 2568)
      • opera_autoupdate.exe (PID: 7004)
    • Reads the software policy settings

      • setup.exe (PID: 5220)
    • Sends debugging messages

      • assistant_installer.exe (PID: 4820)
    • Process checks computer location settings

      • opera.exe (PID: 1280)
      • opera.exe (PID: 6888)
      • opera.exe (PID: 4024)
      • opera.exe (PID: 3696)
      • opera.exe (PID: 5172)
      • opera.exe (PID: 1840)
      • opera.exe (PID: 2520)
      • opera.exe (PID: 752)
      • opera.exe (PID: 1104)
      • opera.exe (PID: 6552)
      • opera.exe (PID: 2148)
      • opera.exe (PID: 4080)
      • opera.exe (PID: 6580)
      • opera.exe (PID: 6864)
      • opera.exe (PID: 5344)
      • opera.exe (PID: 3140)
      • opera.exe (PID: 7248)
      • opera.exe (PID: 7332)
      • opera.exe (PID: 4996)
      • opera.exe (PID: 7916)
      • opera.exe (PID: 7856)
      • opera.exe (PID: 7788)
      • opera.exe (PID: 6968)
    • The process uses the downloaded file

      • opera.exe (PID: 7436)
      • opera.exe (PID: 1280)
    • Reads CPU info

      • opera.exe (PID: 1280)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 113.0.5230.75
ProductVersionNumber: 113.0.5230.75
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 113.0.5230.75
ProductVersion: 113.0.5230.75
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2024
Productname: Opera installer
Stream: Stable
No data.
All screenshots are available in the full report
Total processes: 231
Monitored processes: 106
Malicious processes: 5
Suspicious processes: 1

Behavior graph

start operagxsetup (1).exe setup.exe setup.exe setup.exe setup.exe setup.exe opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe assistant_installer.exe assistant_installer.exe no specs installer.exe installer.exe UIAutomationCrossBitnessHook32 Class no specs opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_gx_splash.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs comppkgsrv.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs installer.exe installer.exe opera_autoupdate.exe opera_autoupdate.exe no specs opera_autoupdate.exe opera_autoupdate.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs installer.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 32
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
Parent process: setup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 740
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:in-house-autocomplete-send=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=6212,i,18288763948910870393,2694180726656131127,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\113.0.5230.75\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 752
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:in-house-autocomplete-send=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6364,i,18288763948910870393,2694180726656131127,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\113.0.5230.75\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 752
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:in-house-autocomplete-send=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=8528,i,18288763948910870393,2694180726656131127,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8828 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\113.0.5230.75\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 780
CMD: "C:\Users\admin\AppData\Local\Temp\OperaGXSetup (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\OperaGXSetup (1).exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Exit code:
0
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\temp\operagxsetup (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 788
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:in-house-autocomplete-send=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=3348,i,18288763948910870393,2694180726656131127,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7920 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\113.0.5230.75\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 876
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409140435291\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409140435291\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Parent process: setup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Exit code:
0
Version:
73.0.3856.382
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\opera_package_202409140435291\assistant\opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 936
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:in-house-autocomplete-send=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=6788,i,18288763948910870393,2694180726656131127,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\113.0.5230.75\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 964
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:in-house-autocomplete-send=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=2404,i,18288763948910870393,2694180726656131127,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\113.0.5230.75\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 1020
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-cms-configuration=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:in-house-autocomplete-send=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --field-trial-handle=5224,i,18288763948910870393,2694180726656131127,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8428 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
113.0.5230.75
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\113.0.5230.75\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
Total events
23 511
Read events
22 086
Write events
1 410
Delete events
15

Modification events

(PID) Process: (5220) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (5220) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (5220) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6204) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

(PID) Process: (2684) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

(PID) Process: (2684) installer.exe
Key: HKEY_CLASSES_ROOT\Opera GXStable
Operation: write
Name: FriendlyTypeName
Value: Opera GX Web Document

(PID) Process: (2684) installer.exe
Key: HKEY_CLASSES_ROOT\Opera GXStable
Operation: write
Name: URL Protocol
Value:

(PID) Process: (2684) installer.exe
Key: HKEY_CLASSES_ROOT\.gxanimations\OpenWithProgIDs
Operation: write
Name: Opera GXStable
Value:

(PID) Process: (2684) installer.exe
Key: HKEY_CLASSES_ROOT\.opdownload\OpenWithProgIDs
Operation: write
Name: Opera GXStable
Value:

(PID) Process: (2684) installer.exe
Key: HKEY_CLASSES_ROOT\.htm\OpenWithProgids
Operation: write
Name: Opera GXStable
Value:
Executable files
32
Suspicious files
1 028
Text files
744
Unknown types
18

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
5220 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\Opera_GX_113.0.5230.75_Autoupdate_x64[1].exe | | |
5220 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409140435291\opera_package | | |
780 | OperaGXSetup (1).exe | C:\Users\admin\AppData\Local\Temp\7zSC03EF3D2\setup.exe | executable | EB798E91D503B97614756193E195A7B1 | 406B5EDBD94BC38CE345D3C0F34B6B5FCD0405BD290A2AD0FD55C08B0695EED8
5220 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | der | 451472A81F1FDF3228F75901DF63A50A | 9C71D11A0796BC755AA8DFEA77DA4AFE79C99DE5C809A4F939E0CBACAA63C621
5220 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].json | binary | 3EB7CE9952EF18653CEB183C2C648B61 | F31691B29AACB78D808D5261CA0D563A722CCF6A869A006B18D83FC592244153
6444 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2409140435284006444.dll | executable | D9566EFEDB5EA286E12826594A40E623 | D09AF4042577F9C1C72863DF791B0114D25086CBF9FA3012B765157DDCBBDF33
5220 | setup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat | binary | 7C9EF512AEADC90E64A3B46A7621374F | 04AAAB8ED0571DCFE4335161D0B23E7FAD02CF465283775C479C113715AE57FA
32 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_24091404352977532.dll | executable | D9566EFEDB5EA286E12826594A40E623 | D09AF4042577F9C1C72863DF791B0114D25086CBF9FA3012B765157DDCBBDF33
5220 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8 | binary | 971C514F84BBA0785F80AA1C23EDFD79 | F157ED17FCAF8837FA82F8B69973848C9B10A02636848F995698212A08F31895
5220 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary | 0CA5FA664EBA5F858664253DD69FDC21 | F5B9FEA0A638F6E4F7F27CB55A1B619ED1A3BBEB6DB353EBDAE1FE874CC5B463
HTTP(S) requests
14
TCP/UDP connections
175
DNS requests
256
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5220 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfyOr5A1UWlCmQhXhy%2Bwwk%3D | unknown | | | whitelisted
2120 | MoUsoCoreWorker.exe | GET | 200 | 23.61.81.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
5220 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | | | whitelisted
| | GET | 200 | 23.61.81.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
5220 | setup.exe | GET | 200 | 216.58.212.3:80 | http://c.pki.goog/r/gsr1.crl | unknown | | | whitelisted
5220 | setup.exe | GET | 200 | 216.58.212.3:80 | http://c.pki.goog/r/r4.crl | unknown | | | whitelisted
5220 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | | | whitelisted
5220 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | | | whitelisted
5220 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA55q9FkBjzsPoBm2GCDxI4%3D | unknown | | | whitelisted
5220 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6232 | svchost.exe | 4.231.128.59:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
| | 4.231.128.59:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 23.61.81.171:80 | www.microsoft.com | AKAMAI-AS | TR | whitelisted
| | 23.61.81.171:80 | www.microsoft.com | AKAMAI-AS | TR | whitelisted
2120 | MoUsoCoreWorker.exe | 4.231.128.59:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4324 | svchost.exe | 4.231.128.59:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
5220 | setup.exe | 107.167.125.189:443 | desktop-netinstaller-sub.osp.opera.software | OPERASOFTWARE | US | whitelisted
5220 | setup.exe | 107.167.96.38:443 | autoupdate.geo.opera.com | OPERASOFTWARE | US | whitelisted

DNS requests

Domain | IP | Reputation
www.microsoft.com | 23.61.81.171 | whitelisted
google.com | 216.58.212.14 | whitelisted
desktop-netinstaller-sub.osp.opera.software | 107.167.125.189 | whitelisted
autoupdate.geo.opera.com | 107.167.96.38 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
features.opera-api2.com | 107.167.96.30 | malicious
api.config.opr.gg | 104.18.24.17 | unknown
c.pki.goog | 216.58.212.3 | whitelisted
download.opera.com | 107.167.96.36 | whitelisted
settings-win.data.microsoft.com | 52.191.219.104 | whitelisted

Threats

No threats detected
Process | Message
assistant_installer.exe | [0914/043707.042:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202409140435291\assistant\assistant_installer.exe" --version