download:

/opera_gx/stable/windows

Full analysis: https://app.any.run/tasks/33ff8ce1-36a3-4177-a91f-7a7a8bcd623b
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: August 17, 2024, 00:11:02
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
crypto-regex
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: AD6DF8486ACF8A517E6337FB4E5B871A
SHA1: 68F36C56891707B42F643E3A4437AF9CBCD76A49
SHA256: 93BA4167D95CCF30310F903E4A0E2846CC7ECEA315D6D078EC4E613E7D0DA99A
SSDEEP: 98304:4wyWSeMgtDPSookXf7Y0LiryIgVhO0GvMjmGoAcVgShPcOAIVI4JuIXa1B9U0gQ7:4Z/LCPws

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • opera.exe (PID: 6908)
    • Steals credentials from Web Browsers

      • opera.exe (PID: 6908)
    • Actions look like stealing of personal data

      • opera.exe (PID: 6908)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • windows.exe (PID: 6368)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6448)
      • setup.exe (PID: 6528)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 6152)
      • installer.exe (PID: 7524)
      • installer.exe (PID: 7628)
      • opera_autoupdate.exe (PID: 7808)
      • installer.exe (PID: 6824)
      • opera.exe (PID: 3900)
    • Executable content was dropped or overwritten

      • windows.exe (PID: 6368)
      • setup.exe (PID: 6448)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6528)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 6152)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • installer.exe (PID: 7524)
      • installer.exe (PID: 7628)
      • opera_autoupdate.exe (PID: 7808)
      • installer.exe (PID: 6824)
      • opera.exe (PID: 3900)
    • Starts itself from another location

      • setup.exe (PID: 6412)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6412)
      • installer.exe (PID: 4088)
    • Application launched itself

      • setup.exe (PID: 6412)
      • setup.exe (PID: 6216)
      • assistant_installer.exe (PID: 4592)
      • installer.exe (PID: 4088)
      • opera.exe (PID: 6908)
      • installer.exe (PID: 7524)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7808)
    • Checks Windows Trust Settings

      • setup.exe (PID: 6412)
    • Reads the date of Windows installation

      • installer.exe (PID: 4088)
      • opera.exe (PID: 6908)
    • Searches for installed software

      • installer.exe (PID: 4088)
    • Creates a software uninstall entry

      • installer.exe (PID: 4088)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 7808)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 6908)
    • Connects to unusual port

      • opera.exe (PID: 7156)
    • Found regular expressions for crypto-addresses (YARA)

      • opera.exe (PID: 6908)
  • INFO

    • Checks supported languages

      • setup.exe (PID: 6448)
      • windows.exe (PID: 6368)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6528)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • assistant_installer.exe (PID: 4592)
      • assistant_installer.exe (PID: 5068)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 6152)
      • opera.exe (PID: 6908)
      • opera_crashreporter.exe (PID: 6328)
      • opera.exe (PID: 7104)
      • opera.exe (PID: 7160)
      • opera.exe (PID: 2960)
      • opera.exe (PID: 7156)
      • opera.exe (PID: 420)
      • opera.exe (PID: 3844)
      • opera.exe (PID: 1636)
      • opera.exe (PID: 3188)
      • opera.exe (PID: 6252)
      • opera.exe (PID: 6740)
      • opera_gx_splash.exe (PID: 6380)
      • opera.exe (PID: 4604)
      • opera.exe (PID: 1920)
      • opera.exe (PID: 6780)
      • opera.exe (PID: 6868)
      • opera.exe (PID: 6608)
      • opera.exe (PID: 6220)
      • opera.exe (PID: 1656)
      • opera.exe (PID: 3144)
      • opera.exe (PID: 4436)
      • opera.exe (PID: 2240)
      • opera.exe (PID: 2324)
      • opera.exe (PID: 6512)
      • opera.exe (PID: 2152)
      • opera.exe (PID: 4008)
      • opera.exe (PID: 2212)
      • opera.exe (PID: 2208)
      • opera.exe (PID: 6148)
      • opera.exe (PID: 7456)
      • installer.exe (PID: 7524)
      • opera.exe (PID: 7532)
      • opera.exe (PID: 7584)
      • installer.exe (PID: 7628)
      • TextInputHost.exe (PID: 2524)
      • opera.exe (PID: 2396)
      • opera.exe (PID: 7728)
      • opera.exe (PID: 7716)
      • opera.exe (PID: 7800)
      • opera.exe (PID: 7832)
      • opera.exe (PID: 7824)
      • opera_autoupdate.exe (PID: 7888)
      • opera.exe (PID: 7960)
      • opera_autoupdate.exe (PID: 7972)
      • opera.exe (PID: 7984)
      • opera_autoupdate.exe (PID: 7808)
      • opera.exe (PID: 8000)
      • opera.exe (PID: 8184)
      • opera_autoupdate.exe (PID: 5984)
      • opera.exe (PID: 5976)
      • opera.exe (PID: 5472)
      • opera.exe (PID: 3904)
      • opera.exe (PID: 6464)
      • opera.exe (PID: 6568)
      • opera.exe (PID: 7684)
      • opera.exe (PID: 6608)
      • opera.exe (PID: 7356)
      • opera.exe (PID: 7644)
      • opera.exe (PID: 7744)
      • opera.exe (PID: 7720)
      • opera.exe (PID: 8008)
      • opera.exe (PID: 7756)
      • opera.exe (PID: 8108)
      • opera.exe (PID: 7896)
      • opera.exe (PID: 3376)
      • opera.exe (PID: 4664)
      • opera.exe (PID: 4760)
      • opera.exe (PID: 6524)
      • opera.exe (PID: 6284)
      • opera.exe (PID: 5472)
      • opera.exe (PID: 7356)
      • opera.exe (PID: 3904)
      • opera.exe (PID: 7576)
      • opera.exe (PID: 8136)
      • opera.exe (PID: 7660)
      • opera.exe (PID: 7908)
      • installer.exe (PID: 6824)
      • opera.exe (PID: 7896)
      • opera.exe (PID: 2628)
      • opera.exe (PID: 7816)
      • opera.exe (PID: 7640)
      • opera.exe (PID: 7828)
      • opera.exe (PID: 6496)
      • opera.exe (PID: 1184)
      • opera.exe (PID: 7536)
      • opera.exe (PID: 7856)
      • opera.exe (PID: 7872)
      • opera.exe (PID: 3900)
      • opera.exe (PID: 1716)
      • opera.exe (PID: 8080)
      • opera.exe (PID: 7404)
      • opera.exe (PID: 7524)
    • Creates files in a temporary directory

      • setup.exe (PID: 6448)
      • windows.exe (PID: 6368)
      • setup.exe (PID: 6412)
      • setup.exe (PID: 6528)
      • setup.exe (PID: 6216)
      • setup.exe (PID: 5064)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 5084)
      • installer.exe (PID: 4088)
      • installer.exe (PID: 6152)
      • opera.exe (PID: 6908)
      • installer.exe (PID: 7524)
      • installer.exe (PID: 7628)
      • installer.exe (PID: 6824)
      • opera_autoupdate.exe (PID: 7808)
    • Creates files or folders in the user directory

      • setup.exe (PID: 6412)
      • setup.exe (PID: 6448)
      • setup.exe (PID: 6216)
      • installer.exe (PID: 4088)
      • opera.exe (PID: 6908)
      • opera.exe (PID: 7156)
      • opera_autoupdate.exe (PID: 7808)
    • Checks proxy server information

      • setup.exe (PID: 6412)
      • opera.exe (PID: 6908)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7808)
    • Reads the computer name

      • setup.exe (PID: 6412)
      • setup.exe (PID: 6216)
      • assistant_installer.exe (PID: 4592)
      • installer.exe (PID: 4088)
      • opera.exe (PID: 6908)
      • opera.exe (PID: 7104)
      • opera.exe (PID: 7156)
      • opera_gx_splash.exe (PID: 6380)
      • opera.exe (PID: 3144)
      • installer.exe (PID: 7524)
      • opera.exe (PID: 1656)
      • TextInputHost.exe (PID: 2524)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7808)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6412)
      • opera.exe (PID: 6908)
      • opera_autoupdate.exe (PID: 7888)
      • opera_autoupdate.exe (PID: 7972)
      • opera_autoupdate.exe (PID: 7808)
      • opera_autoupdate.exe (PID: 5984)
    • Reads the software policy settings

      • setup.exe (PID: 6412)
    • Process checks computer location settings

      • opera.exe (PID: 6908)
      • opera.exe (PID: 3188)
      • opera.exe (PID: 4604)
      • opera.exe (PID: 1920)
      • opera.exe (PID: 2208)
      • opera.exe (PID: 4008)
      • opera.exe (PID: 2240)
      • opera.exe (PID: 6780)
      • opera.exe (PID: 6868)
      • opera.exe (PID: 4436)
      • opera.exe (PID: 2152)
      • opera.exe (PID: 2212)
      • opera.exe (PID: 2324)
      • opera.exe (PID: 7456)
      • opera.exe (PID: 2396)
      • opera.exe (PID: 6148)
      • opera.exe (PID: 7800)
      • opera.exe (PID: 5976)
      • opera.exe (PID: 7684)
      • opera.exe (PID: 6524)
      • opera.exe (PID: 3904)
      • opera.exe (PID: 7640)
      • opera.exe (PID: 7828)
      • opera.exe (PID: 8080)
      • opera.exe (PID: 7524)
    • Reads CPU info

      • opera.exe (PID: 6908)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 112.0.5197.60
ProductVersionNumber: 112.0.5197.60
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 112.0.5197.60
ProductVersion: 112.0.5197.60
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2024
Productname: Opera installer
Stream: Stable
No data.
All screenshots are available in the full report
Total processes
231
Monitored processes
106
Malicious processes
5
Suspicious processes
2

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID:
420
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3076,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3140 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID:
1184
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7180,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID:
1636
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3108,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3348 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID:
1656
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6360,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID:
1716
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8220,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID:
1920
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3096,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:1
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
2152
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=5624,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:2
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
2208
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6604,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:2
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
2212
Command line:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7000,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:1
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
2240
Command line:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:capital-one-cashback-protection=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest25-ref:DNA-99214_GXCTest25,GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6340,i,6855301794695640658,3251488663744903038,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:2
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
112.0.5197.60
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\112.0.5197.60\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events
31 358
Read events
29 477
Write events
1 859
Delete events
22

Modification events

Process: setup.exe (PID 6412)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: setup.exe (PID 6412)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: setup.exe (PID 6412)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: setup.exe (PID 6412)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: setup.exe (PID 6412)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: setup.exe (PID 6412)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: setup.exe (PID 6412)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: setup.exe (PID 6216)
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

Process: installer.exe (PID 4088)
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

Process: installer.exe (PID 4088)
Key: HKEY_CLASSES_ROOT\Opera GXStable
Operation: write
Name: FriendlyTypeName
Value: Opera GX Web Document
Executable files
30
Suspicious files
668
Text files
552
Unknown types
56

Dropped files

PID | Process | Filename | Type
6412 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | binary
MD5: 49F8B0D26EF80CC035E6ED4D5BAD374B
SHA256: 583628EB4CE66C663B0CC375D28880E249530F64493C5FF578498F500FD4E8F4
6412 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2408170011102456412.dll | executable
MD5: 1E6485E90130BB0CFFD2AE2CA7FEF2A2
SHA256: 907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
6412 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | der
MD5: 8BE3C56854F6439DF964D9B572616F40
SHA256: A7094EA19610539B6339150D50213B7FCD354AFCA981477493F5B383A8A29408
6412 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8 | binary
MD5: 971C514F84BBA0785F80AA1C23EDFD79
SHA256: F157ED17FCAF8837FA82F8B69973848C9B10A02636848F995698212A08F31895
6412 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\Opera_GX_112.0.5197.60_Autoupdate_x64[1].exe |
MD5:
SHA256:
6412 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408170011113\opera_package |
MD5:
SHA256:
6412 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | executable
MD5: 607FB47AD9D20BB16F90E4A38C93BBFE
SHA256: 8A82AE5C857123CC6972B93828F3A6202C0DB4D325EA6D5B1E36DCFB290C1E09
6412 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_B7ED31D77D311A56FDCB56A0083B3E0B | binary
MD5: 317B262C8927353F63DA6E3668A0C0C0
SHA256: E8ED5026B071B33ECB0012C8014056425FBBA2820AE56AFCB2A98C4E236FBEB2
6412 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_17DD39A60A87A85D0DDEF9FD164BB3E9 | binary
MD5: B0911A79E728ECE8AF6066D2EC21C1CA
SHA256: 4910E94DE95698BCDAA7D39EBA1F48DB1AE1499F7978910E4895ADD0BF188F1B
6412 | setup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat | binary
MD5: 2598ED8DA9EE6B625ECB02C4AFC07EE6
SHA256: 3EFD21E473645065ABBD5D62A4F9E808B9C6C8146551D4155403EA8E4AC632D2
HTTP(S) requests
25
TCP/UDP connections
142
DNS requests
192
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfyOr5A1UWlCmQhXhy%2Bwwk%3D | unknown | whitelisted
6412 | setup.exe | GET | 200 | 142.250.201.163:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
6412 | setup.exe | GET | 200 | 142.250.201.163:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | unknown | whitelisted
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D | unknown | whitelisted
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | whitelisted
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | whitelisted
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA55q9FkBjzsPoBm2GCDxI4%3D | unknown | whitelisted
6412 | setup.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
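The ocsp.digicert.com requests above are OCSP requests sent with the GET method defined in RFC 6960, Appendix A.1: the DER-encoded OCSPRequest is base64-encoded, URL-encoded and appended to the responder URL. On Windows, CryptoAPI issues these while building and checking a certificate chain and caches what it fetches under the CryptnetUrlCache directories that appear in the dropped-files list. Decoding a request tells you which CA (issuer name hash and issuer key hash) and which certificate serial number were being checked, without fetching anything. The following is an added example written for this page, not code from ANY.RUN or Opera; it uses only the Python standard library with a minimal DER reader, and its sample input is the first URL in the table.

```python
import base64
from urllib.parse import unquote, urlsplit

# Sample input: the first ocsp.digicert.com URL from the HTTP requests table above.
SAMPLE_URL = (
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQU"
    "TiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D"
)

# Digest OIDs seen in CertID.hashAlgorithm in practice.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",
}

SEQUENCE = 0x30


def der_tlv(buf, pos=0):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:end], end


def der_children(value):
    """Split the contents of a constructed DER value into its child (tag, value) pairs."""
    children, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        children.append((tag, val))
    return children


def decode_oid(raw):
    """Decode OBJECT IDENTIFIER contents to dotted form (first octet packs arcs 1 and 2)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Decode an OCSP GET URL (RFC 6960 A.1: URL-encoded base64 of the DER OCSPRequest)
    and return one dict per CertID it asks about."""
    der = base64.b64decode(unquote(urlsplit(url).path.lstrip("/")), validate=True)
    tag, ocsp_request, _ = der_tlv(der)
    if tag != SEQUENCE:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    _, tbs_request = der_children(ocsp_request)[0]  # tbsRequest; optionalSignature ignored
    # version [0] and requestorName [1] are optional; requestList is the plain SEQUENCE child.
    request_list = next(v for t, v in der_children(tbs_request) if t == SEQUENCE)
    cert_ids = []
    for _, request in der_children(request_list):
        _, cert_id = der_children(request)[0]  # reqCert CertID
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = der_children(cert_id)[:4]
        oid = decode_oid(der_children(alg)[0][1])  # AlgorithmIdentifier.algorithm
        cert_ids.append({
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": serial.lstrip(b"\x00").hex() or "00",  # drop the DER sign-padding octet
        })
    return cert_ids


if __name__ == "__main__":
    for cid in parse_ocsp_get(SAMPLE_URL):
        print(cid)
```

For the sample URL the decoder reports SHA-1 as the CertID hash algorithm, 20-byte issuer name and key hashes, and a 16-byte serial number. The issuer key hash is the hash of the issuing CA's public key, which normally equals that CA's Subject Key Identifier, so it can be matched against a known DigiCert root or intermediate offline; the serial then identifies the exact leaf or intermediate whose revocation status the installer's chain validation was checking.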

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
840 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
840 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | | | | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
6412 | setup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | unknown
6412 | setup.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
6412 | setup.exe | 82.145.216.20:443 | autoupdate.geo.opera.com | Opera Software AS | NO | unknown
4324 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
6412 | setup.exe | 104.18.25.17:443 | api.config.opr.gg | CLOUDFLARENET | | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
google.com | 216.58.213.78 | whitelisted
desktop-netinstaller-sub.osp.opera.software | 82.145.217.121 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
autoupdate.geo.opera.com | 82.145.216.20, 185.26.182.124 | whitelisted
api.config.opr.gg | 104.18.25.17 | unknown
features.opera-api2.com | 82.145.216.16 | malicious
c.pki.goog | 142.250.201.163 | whitelisted
download.opera.com | 185.26.182.117 | whitelisted
download5.operacdn.com | 104.18.10.89 | malicious

Threats

No threats detected
Process | Message
assistant_installer.exe | [0817/001419.339:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408170011113\assistant\assistant_installer.exe" --version