File name:

opera-air-117-0-5408-198.exe

Full analysis: https://app.any.run/tasks/633b8d1d-dbc0-42c9-8c28-e6e0ba13e504
Verdict: Malicious activity
Analysis date: April 25, 2025, 04:42:41
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
opera
tool
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

8C31747B83A600DB811131FCE547EC46

SHA1:

5B70BC6D10CF0D4825F5A6B3C9068C33F5CA89E2

SHA256:

CE32BAF0BE0FC006307BD94604F0FA65AB80AD55FEB47155C76E8B92427953E8

SSDEEP:

98304:pr+oSUbdgm+rDm8bs16g+/3pjb51GkfVSD+Fp/hwoKg92RXIeIFywei/fDRaRYVV:pMSEKyTxz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • opera.exe (PID: 4112)
      • opera.exe (PID: 5892)
      • opera.exe (PID: 4688)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • opera-air-117-0-5408-198.exe (PID: 5988)
      • setup.exe (PID: 496)
      • setup.exe (PID: 3156)
      • setup.exe (PID: 7244)
      • installer.exe (PID: 1676)
      • setup.exe (PID: 7696)
      • setup.exe (PID: 7720)
      • installer.exe (PID: 3396)
    • Application launched itself

      • setup.exe (PID: 496)
      • setup.exe (PID: 7696)
      • installer.exe (PID: 1676)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 5892)
      • opera.exe (PID: 4688)
    • Starts itself from another location

      • setup.exe (PID: 496)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 3156)
      • setup.exe (PID: 496)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 496)
      • installer.exe (PID: 1676)
    • Creates a software uninstall entry

      • installer.exe (PID: 1676)
    • Searches for installed software

      • installer.exe (PID: 1676)
    • Reads the date of Windows installation

      • installer.exe (PID: 1676)
  • INFO

    • Create files in a temporary directory

      • opera-air-117-0-5408-198.exe (PID: 5988)
      • setup.exe (PID: 3156)
      • setup.exe (PID: 496)
      • setup.exe (PID: 7244)
      • setup.exe (PID: 7720)
      • setup.exe (PID: 7696)
      • installer.exe (PID: 3396)
      • installer.exe (PID: 1676)
    • The sample compiled with english language support

      • setup.exe (PID: 3156)
      • opera-air-117-0-5408-198.exe (PID: 5988)
      • setup.exe (PID: 496)
      • setup.exe (PID: 7244)
      • setup.exe (PID: 7720)
      • setup.exe (PID: 7696)
      • installer.exe (PID: 3396)
      • installer.exe (PID: 1676)
    • Reads the computer name

      • setup.exe (PID: 496)
      • installer.exe (PID: 1676)
      • setup.exe (PID: 7696)
      • opera.exe (PID: 5892)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 7396)
      • opera.exe (PID: 1764)
      • opera.exe (PID: 7380)
      • opera.exe (PID: 4488)
      • opera.exe (PID: 4688)
      • opera.exe (PID: 8052)
      • opera.exe (PID: 8048)
    • Checks supported languages

      • setup.exe (PID: 3156)
      • setup.exe (PID: 496)
      • setup.exe (PID: 7244)
      • opera-air-117-0-5408-198.exe (PID: 5988)
      • setup.exe (PID: 7720)
      • installer.exe (PID: 1676)
      • setup.exe (PID: 7696)
      • installer.exe (PID: 3396)
      • opera.exe (PID: 5892)
      • opera_crashreporter.exe (PID: 6712)
      • opera.exe (PID: 7396)
      • opera.exe (PID: 2420)
      • opera_crashreporter.exe (PID: 896)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 4488)
      • opera.exe (PID: 1764)
      • opera.exe (PID: 7380)
      • opera.exe (PID: 3192)
      • opera.exe (PID: 4688)
      • opera_crashreporter.exe (PID: 6940)
      • opera.exe (PID: 8052)
      • opera.exe (PID: 8048)
      • opera.exe (PID: 1912)
    • Checks proxy server information

      • setup.exe (PID: 496)
      • opera.exe (PID: 5892)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 4688)
    • Creates files or folders in the user directory

      • setup.exe (PID: 3156)
      • setup.exe (PID: 7696)
      • setup.exe (PID: 496)
      • installer.exe (PID: 1676)
      • opera.exe (PID: 5892)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 4688)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 496)
      • opera.exe (PID: 5892)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 4688)
    • Reads the software policy settings

      • setup.exe (PID: 496)
    • OPERA mutex has been found

      • opera.exe (PID: 5892)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 4688)
    • Process checks computer location settings

      • opera.exe (PID: 5892)
      • opera.exe (PID: 4112)
      • opera.exe (PID: 4688)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:10:15 12:57:10+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.4
CodeSize: 241152
InitializedDataSize: 107520
UninitializedDataSize: -
EntryPoint: 0x215d3
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 117.0.5408.198
ProductVersionNumber: 117.0.5408.198
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 117.0.5408.198
ProductVersion: 117.0.5408.198
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
No data.
All screenshots are available in the full report
Total processes
152
Monitored processes
25
Malicious processes
4
Suspicious processes
3

Behavior graph

start opera-air-117-0-5408-198.exe setup.exe setup.exe setup.exe sppextcomobj.exe no specs slui.exe no specs setup.exe setup.exe installer.exe installer.exe opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 496
CMD: C:\Users\admin\AppData\Local\Temp\7zS467F9DD0\setup.exe --server-tracking-blob=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
Path: C:\Users\admin\AppData\Local\Temp\7zS467F9DD0\setup.exe
Parent process: opera-air-117-0-5408-198.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Air Installer
Version:
117.0.5408.198
Modules
Images
c:\users\admin\appdata\local\temp\7zs467f9dd0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 896
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\117.0.5408.231\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopAir --annotation=ver=117.0.5408.231 --initial-client-data=0x1f4,0x1f8,0x1fc,0x1f0,0x200,0x7ffc81286b20,0x7ffc81286b30,0x7ffc81286b40
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\117.0.5408.231\opera_crashreporter.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Air crash-reporter
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\opera_crashreporter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1676
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\117.0.5408.231\installer.exe" --backend --initial-pid=496 --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=0 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera Air" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\opera_package_202504250442481" --session-guid=3ff3c01f-49e7-49f3-8f59-db4d99142c9c --server-tracking-blob="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 " --desktopshortcut=1 --install-subfolder=117.0.5408.231
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\117.0.5408.231\installer.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Air Installer
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1764
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=off --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:password-generator=off --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1936,i,14876499214254931810,18363536595754640302,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Air Internet Browser
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
PID: 1912
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=off --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:password-generator=off --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:installer-experiment-test=off --field-trial-handle=2384,i,3711940129362835202,1375092919755989205,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Air Internet Browser
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 2420
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=off --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:password-generator=off --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:installer-experiment-test=off --field-trial-handle=2472,i,13676336341839532306,11341381872074819559,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2488 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Air Internet Browser
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 3156
CMD: C:\Users\admin\AppData\Local\Temp\7zS467F9DD0\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopAir --annotation=ver=117.0.5408.198 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ffc885c9478,0x7ffc885c9484,0x7ffc885c9490
Path: C:\Users\admin\AppData\Local\Temp\7zS467F9DD0\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Air Installer
Version:
117.0.5408.198
Modules
Images
c:\users\admin\appdata\local\temp\7zs467f9dd0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3192
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=off --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:password-generator=off --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:installer-experiment-test=off --field-trial-handle=2416,i,14876499214254931810,18363536595754640302,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Air Internet Browser
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 3396
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\117.0.5408.231\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopAir --annotation=ver=117.0.5408.231 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ffc86e79478,0x7ffc86e79484,0x7ffc86e79490
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\117.0.5408.231\installer.exe
Parent process: installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Air Installer
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 4112
CMD: "C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe" --ran-launcher --install-extension="C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\opera_package_202504250442481\698dbba81ba23beaeccdcc760caa75e0efa1badf.crx"
Path: C:\Users\admin\AppData\Local\Programs\Opera Air\opera.exe
Parent process: installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Air Internet Browser
Exit code:
0
Version:
117.0.5408.231
Modules
Images
c:\users\admin\appdata\local\programs\opera air\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\programs\opera air\117.0.5408.231\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
Total events
7 959
Read events
7 809
Write events
139
Delete events
11

Modification events

Process: setup.exe (PID: 496)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: setup.exe (PID: 496)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: setup.exe (PID: 496)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: setup.exe (PID: 7696)
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera Air Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera Air\

Process: installer.exe (PID: 1676)
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera Air Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera Air\

Process: installer.exe (PID: 1676)
Key: HKEY_CLASSES_ROOT\Opera AirStable
Operation: write
Name: FriendlyTypeName
Value: Opera Air Web Document

Process: installer.exe (PID: 1676)
Key: HKEY_CLASSES_ROOT\Opera AirStable
Operation: write
Name: URL Protocol
Value:

Process: installer.exe (PID: 1676)
Key: HKEY_CLASSES_ROOT\.opdownload\OpenWithProgIDs
Operation: write
Name: Opera AirStable
Value:

Process: installer.exe (PID: 1676)
Key: HKEY_CLASSES_ROOT\.htm\OpenWithProgids
Operation: write
Name: Opera AirStable
Value:

Process: installer.exe (PID: 1676)
Key: HKEY_CLASSES_ROOT\.html\OpenWithProgids
Operation: write
Name: Opera AirStable
Value:

Executable files
12
Suspicious files
106
Text files
53
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\Opera_Air_117.0.5408.231_Autoupdate_x64[1].exe
Type:
MD5:
SHA256:

PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\opera_package_202504250442481\opera_package
Type:
MD5:
SHA256:

PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\Crash Reports\settings.dat
Type: binary
MD5: CBF720CACC57BCA67145A46D40264D6D
SHA256: A116993A8690B3E4F4156E204F190DB7109456721A1F9A9E85F35284E341960B

PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_B7ED31D77D311A56FDCB56A0083B3E0B
Type: binary
MD5: 5FA509C603F58D8BA66942143BD25E33
SHA256: B78828C0E9F67306B9570C05AF105B3B40FA1C901B4A9B75584656CE50272A9F

PID: 3156
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2504250442479963156.dll
Type: executable
MD5: 7498EA85323E5521F48BA39A295CC4AC
SHA256: 61BD59972DCA96945F0E23BEC57DEEA3FCC35EBA3E3D8555B8FBBC48245C4142

PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_250425044247730496.dll
Type: executable
MD5: 7498EA85323E5521F48BA39A295CC4AC
SHA256: 61BD59972DCA96945F0E23BEC57DEEA3FCC35EBA3E3D8555B8FBBC48245C4142

PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\setup.exe
Type: executable
MD5: 1D08E645DC4D7C71A108CB5E75671487
SHA256: 28AEE7EA3162E6E455EED8FB3B4CC2DB71CCF891AB6F5BF5D37B535EC7B7A78E

PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
Type: binary
MD5: EDCDBFCA92EA930C247C38EA27702BD2
SHA256: 642EC5B4C11EA437AA9B41E39C3D09B4AF2A8C126D36A58BD56FF43887CD8736

PID: 496
Process: setup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5
Type: binary
MD5: E2D7A127F9EDC2794086B12ADECCC3F6
SHA256: 105D8C6775782927B09DFAD5CEE68B83E2107CC83AF63928F39CF2C6219C0B22

PID: 5988
Process: opera-air-117-0-5408-198.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS467F9DD0\setup.exe
Type: executable
MD5: 1D08E645DC4D7C71A108CB5E75671487
SHA256: 28AEE7EA3162E6E455EED8FB3B4CC2DB71CCF891AB6F5BF5D37B535EC7B7A78E

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
33
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.216.77.21:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
496
setup.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D
unknown
whitelisted
496
setup.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
496
setup.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D
unknown
whitelisted
496
setup.exe
GET
200
142.250.185.227:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
496
setup.exe
GET
200
142.250.185.227:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
8048
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
8048
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
23.216.77.21:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
496
setup.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
Opera Software AS
NO
whitelisted
496
setup.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
496
setup.exe
82.145.216.19:443
autoupdate.opera.com
Opera Software AS
NO
whitelisted
496
setup.exe
82.145.216.48:443
download.opera.com
Opera Software AS
NO
whitelisted
496
setup.exe
185.26.182.94:443
features.opera-api2.com
Opera Software AS
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 23.216.77.21
  • 23.216.77.10
  • 23.216.77.23
  • 23.216.77.18
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
autoupdate.opera.com
  • 82.145.216.19
  • 82.145.216.20
  • 82.145.216.46
  • 82.145.216.47
whitelisted
features.opera-api2.com
  • 185.26.182.94
  • 185.26.182.111
  • 185.26.182.112
  • 185.26.182.93
  • 185.26.182.106
  • 185.26.182.118
malicious
download.opera.com
  • 82.145.216.48
  • 82.145.216.49
  • 82.145.216.23
  • 82.145.216.24
whitelisted
download5.operacdn.com
  • 104.18.10.89
  • 104.18.11.89
malicious
c.pki.goog
  • 142.250.185.227
whitelisted

Threats

No threats detected
No debug info