download:

/opera_gx/stable/windows

Full analysis: https://app.any.run/tasks/33ff8ce1-36a3-4177-a91f-7a7a8bcd623b
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: August 17, 2024, 00:11:02
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
crypto-regex
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

AD6DF8486ACF8A517E6337FB4E5B871A

SHA1:

68F36C56891707B42F643E3A4437AF9CBCD76A49

SHA256:

93BA4167D95CCF30310F903E4A0E2846CC7ECEA315D6D078EC4E613E7D0DA99A

SSDEEP:

98304:4wyWSeMgtDPSookXf7Y0LiryIgVhO0GvMjmGoAcVgShPcOAIVI4JuIXa1B9U0gQ7:4Z/LCPws

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • opera.exe (PID: 6908)

    • Actions looks like stealing of personal data

      • opera.exe (PID: 6908)

    • Steals credentials from Web Browsers

      • opera.exe (PID: 6908)

  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • windows.exe (PID: 6368)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6448)
      • setup.exe (PID: 6528)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 6152)
      • installer.exe (PID: 7628)
      • opera_autoupdate.exe (PID: 7808)
      • installer.exe (PID: 6824)
      • installer.exe (PID: 7524)
      • opera.exe (PID: 3900)

    • Application launched itself

      • setup.exe (PID: 6412)
      • setup.exe (PID: 6216)
      • installer.exe (PID: 4088)
      • assistant_installer.exe (PID: 4592)
      • opera.exe (PID: 6908)
      • installer.exe (PID: 7524)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7808)

    • Executable content was dropped or overwritten

      • setup.exe (PID: 6412)
      • windows.exe (PID: 6368)
      • setup.exe (PID: 6448)
      • setup.exe (PID: 6528)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • installer.exe (PID: 6152)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 7524)
      • installer.exe (PID: 7628)
      • opera_autoupdate.exe (PID: 7808)
      • installer.exe (PID: 6824)
      • opera.exe (PID: 3900)

    • Starts itself from another location

      • setup.exe (PID: 6412)

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6412)
      • installer.exe (PID: 4088)

    • Checks Windows Trust Settings

      • setup.exe (PID: 6412)

    • Searches for installed software

      • installer.exe (PID: 4088)

    • Creates a software uninstall entry

      • installer.exe (PID: 4088)

    • Reads the date of Windows installation

      • installer.exe (PID: 4088)
      • opera.exe (PID: 6908)

    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 7808)

    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 6908)

    • Connects to unusual port

      • opera.exe (PID: 7156)

    • Found regular expressions for crypto-addresses (YARA)

      • opera.exe (PID: 6908)

  • INFO

    • Checks supported languages

      • windows.exe (PID: 6368)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • setup.exe (PID: 6448)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • assistant_installer.exe (PID: 4592)
      • setup.exe (PID: 6528)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 6152)
      • opera.exe (PID: 6908)
      • opera_crashreporter.exe (PID: 6328)
      • opera.exe (PID: 7104)
      • opera.exe (PID: 7156)
      • opera.exe (PID: 7160)
      • opera.exe (PID: 2960)
      • opera.exe (PID: 420)
      • opera.exe (PID: 3188)
      • opera.exe (PID: 3844)
      • opera.exe (PID: 6252)
      • opera.exe (PID: 1636)
      • opera.exe (PID: 4604)
      • opera_gx_splash.exe (PID: 6380)
      • opera.exe (PID: 6868)
      • opera.exe (PID: 1920)
      • opera.exe (PID: 6780)
      • opera.exe (PID: 6740)
      • opera.exe (PID: 6608)
      • opera.exe (PID: 6220)
      • opera.exe (PID: 6512)
      • opera.exe (PID: 2324)
      • opera.exe (PID: 3144)
      • opera.exe (PID: 2152)
      • opera.exe (PID: 4436)
      • opera.exe (PID: 2240)
      • opera.exe (PID: 1656)
      • assistant_installer.exe (PID: 5068)
      • opera.exe (PID: 2212)
      • opera.exe (PID: 2396)
      • TextInputHost.exe (PID: 2524)
      • opera.exe (PID: 2208)
      • opera.exe (PID: 4008)
      • opera.exe (PID: 6148)
      • installer.exe (PID: 7524)
      • opera.exe (PID: 7456)
      • opera.exe (PID: 7532)
      • installer.exe (PID: 7628)
      • opera.exe (PID: 7716)
      • opera.exe (PID: 7800)
      • opera.exe (PID: 7824)
      • opera.exe (PID: 7728)
      • opera.exe (PID: 7584)
      • opera_autoupdate.exe (PID: 7972)
      • opera.exe (PID: 7984)
      • opera_autoupdate.exe (PID: 7808)
      • opera.exe (PID: 7960)
      • opera.exe (PID: 8000)
      • opera.exe (PID: 8184)
      • opera_autoupdate.exe (PID: 7888)
      • opera.exe (PID: 7832)
      • opera_autoupdate.exe (PID: 5984)
      • opera.exe (PID: 5976)
      • opera.exe (PID: 5472)
      • opera.exe (PID: 6464)
      • opera.exe (PID: 3904)
      • opera.exe (PID: 7644)
      • opera.exe (PID: 6568)
      • opera.exe (PID: 6608)
      • opera.exe (PID: 7356)
      • opera.exe (PID: 7684)
      • opera.exe (PID: 7744)
      • opera.exe (PID: 7720)
      • opera.exe (PID: 7756)
      • opera.exe (PID: 8108)
      • opera.exe (PID: 8136)
      • opera.exe (PID: 3376)
      • opera.exe (PID: 7896)
      • opera.exe (PID: 6524)
      • opera.exe (PID: 4760)
      • opera.exe (PID: 4664)
      • opera.exe (PID: 6284)
      • opera.exe (PID: 5472)
      • opera.exe (PID: 3904)
      • opera.exe (PID: 7356)
      • opera.exe (PID: 7576)
      • opera.exe (PID: 7640)
      • opera.exe (PID: 7816)
      • opera.exe (PID: 7908)
      • opera.exe (PID: 7660)
      • opera.exe (PID: 7828)
      • installer.exe (PID: 6824)
      • opera.exe (PID: 7896)
      • opera.exe (PID: 2628)
      • opera.exe (PID: 1716)
      • opera.exe (PID: 8080)
      • opera.exe (PID: 1184)
      • opera.exe (PID: 7536)
      • opera.exe (PID: 7856)
      • opera.exe (PID: 7404)
      • opera.exe (PID: 7524)
      • opera.exe (PID: 3900)
      • opera.exe (PID: 6496)
      • opera.exe (PID: 7872)
      • opera.exe (PID: 8008)

    • Create files in a temporary directory

      • windows.exe (PID: 6368)
      • setup.exe (PID: 6448)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6528)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 6152)
      • opera.exe (PID: 6908)
      • installer.exe (PID: 7524)
      • installer.exe (PID: 7628)
      • opera_autoupdate.exe (PID: 7808)
      • installer.exe (PID: 6824)

    • Reads the computer name

      • setup.exe (PID: 6412)
      • setup.exe (PID: 6216)
      • assistant_installer.exe (PID: 4592)
      • installer.exe (PID: 4088)
      • opera.exe (PID: 6908)
      • opera.exe (PID: 7104)
      • opera.exe (PID: 7156)
      • opera_gx_splash.exe (PID: 6380)
      • opera.exe (PID: 1656)
      • TextInputHost.exe (PID: 2524)
      • installer.exe (PID: 7524)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7808)
      • opera.exe (PID: 3144)

    • Creates files or folders in the user directory

      • setup.exe (PID: 6448)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6216)
      • installer.exe (PID: 4088)
      • opera.exe (PID: 6908)
      • opera.exe (PID: 7156)
      • opera_autoupdate.exe (PID: 7808)

    • Checks proxy server information

      • setup.exe (PID: 6412)
      • opera.exe (PID: 6908)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7808)

    • Reads the machine GUID from the registry

      • setup.exe (PID: 6412)
      • opera.exe (PID: 6908)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7972)
      • opera_autoupdate.exe (PID: 7808)
      • opera_autoupdate.exe (PID: 5984)

    • Reads the software policy settings

      • setup.exe (PID: 6412)

    • Process checks computer location settings

      • opera.exe (PID: 6908)
      • opera.exe (PID: 3188)
      • opera.exe (PID: 4604)
      • opera.exe (PID: 1920)
      • opera.exe (PID: 2212)
      • opera.exe (PID: 4436)
      • opera.exe (PID: 4008)
      • opera.exe (PID: 2396)
      • opera.exe (PID: 2152)
      • opera.exe (PID: 6868)
      • opera.exe (PID: 6780)
      • opera.exe (PID: 2240)
      • opera.exe (PID: 6148)
      • opera.exe (PID: 7456)
      • opera.exe (PID: 7800)
      • opera.exe (PID: 5976)
      • opera.exe (PID: 7684)
      • opera.exe (PID: 3904)
      • opera.exe (PID: 2324)
      • opera.exe (PID: 7640)
      • opera.exe (PID: 6524)
      • opera.exe (PID: 2208)
      • opera.exe (PID: 7828)
      • opera.exe (PID: 8080)
      • opera.exe (PID: 7524)

    • Reads CPU info

      • opera.exe (PID: 6908)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 112.0.5197.60
ProductVersionNumber: 112.0.5197.60
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 112.0.5197.60
ProductVersion: 112.0.5197.60
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2024
Productname: Opera installer
Stream: Stable
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
231
Monitored processes
106
Malicious processes
5
Suspicious processes
2

Behavior graph

Click at the process to see the details
start windows.exe setup.exe setup.exe setup.exe setup.exe setup.exe opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe assistant_installer.exe assistant_installer.exe no specs installer.exe installer.exe UIAutomationCrossBitnessHook32 Class no specs THREAT opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_gx_splash.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs textinputhost.exe no specs opera.exe no specs comppkgsrv.exe no specs opera.exe no specs installer.exe opera.exe no specs opera.exe no specs installer.exe opera.exe no specs opera.exe no specs opera.exe no specs opera_autoupdate.exe opera.exe no specs opera.exe no specs opera_autoupdate.exe opera.exe no specs opera_autoupdate.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_autoupdate.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs installer.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe

Process information

PID
CMD
Path
Indicators
Parent process
420"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3076,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3140 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
1184"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7180,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
1636"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3108,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3348 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
1656"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6360,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
1716"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8220,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
1920"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3096,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:1C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
2152"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=5624,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:2C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
2208"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6604,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:2C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
2212"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7000,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:1C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
2240"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6340,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:2C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events
31 358
Read events
29 477
Write events
1 859
Delete events
22

Modification events

(PID) Process:(6412) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6412) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6412) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6412) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6412) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6412) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6412) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(6216) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:writeName:Last Opera GX Stable Install Path
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX\
(PID) Process:(4088) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:writeName:Last Opera GX Stable Install Path
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX\
(PID) Process:(4088) installer.exeKey:HKEY_CLASSES_ROOT\Opera GXStable
Operation:writeName:FriendlyTypeName
Value:
Opera GX Web Document
Executable files
30
Suspicious files
668
Text files
552
Unknown types
56

Dropped files

PID
Process
Filename
Type
6412setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2408170011102456412.dllexecutable
MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
SHA256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
6412setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419der
MD5:8BE3C56854F6439DF964D9B572616F40
SHA256:A7094EA19610539B6339150D50213B7FCD354AFCA981477493F5B383A8A29408
6412setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_17DD39A60A87A85D0DDEF9FD164BB3E9binary
MD5:A279FF1DE6F2FB275E6BF16D28C74DB7
SHA256:776F3FA96EB9C697E4E89C8F010A6A711676DE8DDAEC0B03F19DBD0E18135A2F
6412setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8binary
MD5:971C514F84BBA0785F80AA1C23EDFD79
SHA256:F157ED17FCAF8837FA82F8B69973848C9B10A02636848F995698212A08F31895
6412setup.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\Opera_GX_112.0.5197.60_Autoupdate_x64[1].exe
MD5:
SHA256:
6412setup.exeC:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408170011113\opera_package
MD5:
SHA256:
6412setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419binary
MD5:49F8B0D26EF80CC035E6ED4D5BAD374B
SHA256:583628EB4CE66C663B0CC375D28880E249530F64493C5FF578498F500FD4E8F4
6412setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8binary
MD5:8E31F2A8335D9159921373477D0A9320
SHA256:1419D7322F5737B6BEFF406148C536BA5D4B30B67D9C736D68D639036330B063
6412setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_17DD39A60A87A85D0DDEF9FD164BB3E9binary
MD5:B0911A79E728ECE8AF6066D2EC21C1CA
SHA256:4910E94DE95698BCDAA7D39EBA1F48DB1AE1499F7978910E4895ADD0BF188F1B
6216setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2408170011191436216.dllexecutable
MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
SHA256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
25
TCP/UDP connections
142
DNS requests
192
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6412
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
6412
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfyOr5A1UWlCmQhXhy%2Bwwk%3D
unknown
whitelisted
6412
setup.exe
GET
200
142.250.201.163:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
6412
setup.exe
GET
200
142.250.201.163:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
6412
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D
unknown
whitelisted
6412
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
unknown
whitelisted
6412
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA55q9FkBjzsPoBm2GCDxI4%3D
unknown
whitelisted
6412
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
232
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
6412
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA0xwj6yJJzmEblT%2BxbqDSU%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
840
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6412
setup.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
Opera Software AS
NO
unknown
6412
setup.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6412
setup.exe
82.145.216.20:443
autoupdate.geo.opera.com
Opera Software AS
NO
unknown
4324
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6412
setup.exe
104.18.25.17:443
api.config.opr.gg
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 216.58.213.78
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
autoupdate.geo.opera.com
  • 82.145.216.20
  • 185.26.182.124
whitelisted
api.config.opr.gg
  • 104.18.25.17
unknown
features.opera-api2.com
  • 82.145.216.16
malicious
c.pki.goog
  • 142.250.201.163
whitelisted
download.opera.com
  • 185.26.182.117
whitelisted
download5.operacdn.com
  • 104.18.10.89
malicious

Threats

No threats detected
Process
Message
assistant_installer.exe
[0817/001419.339:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408170011113\assistant\assistant_installer.exe" --version
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
/opera_gx/stable/windows