File name: OperaGXSetup.zip

Full analysis: https://app.any.run/tasks/98e3d374-dea8-4d66-82db-552b21793d92
Verdict: Malicious activity
Analysis date: January 30, 2025, 11:37:25
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: A7ED9ABC5600F298C1CEA19789EFF772
SHA1: 5AB8F2DF199681B304028F7387EA0CE58978B47F
SHA256: 32F74DA6AEF3CB8CA407DD81F9C58E916B66C17742AD0CF1BA7E0DB7FA08D0F4
SSDEEP: 98304:x+8+DoA+2zfVLv45WuMmr9F2/OaSHtu7noBHkqFepqIHtgvcTMocFrzkurImVF3i:X4q9DxIpeMAw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6348)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 7068)
      • setup.exe (PID: 3420)
      • setup.exe (PID: 4648)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • installer.exe (PID: 7072)
      • installer.exe (PID: 6032)
    • Application launched itself

      • setup.exe (PID: 6936)
      • setup.exe (PID: 3420)
      • assistant_installer.exe (PID: 6824)
      • installer.exe (PID: 6032)
      • opera.exe (PID: 4300)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6936)
      • installer.exe (PID: 6032)
    • Starts itself from another location

      • setup.exe (PID: 6936)
    • Checks Windows Trust Settings

      • setup.exe (PID: 6936)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 6936)
      • setup.exe (PID: 6976)
    • Creates a software uninstall entry

      • installer.exe (PID: 6032)
    • Searches for installed software

      • installer.exe (PID: 6032)
    • Reads the date of Windows installation

      • installer.exe (PID: 6032)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 5300)
    • The process checks if it is being run in the virtual environment

      • opera.exe (PID: 4300)
  • INFO

    • Checks supported languages

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 7068)
      • setup.exe (PID: 3420)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • assistant_installer.exe (PID: 6824)
      • assistant_installer.exe (PID: 6760)
      • installer.exe (PID: 6032)
      • installer.exe (PID: 7072)
      • opera.exe (PID: 4544)
      • setup.exe (PID: 4648)
      • opera_crashreporter.exe (PID: 5604)
      • opera.exe (PID: 4320)
      • opera.exe (PID: 4300)
      • opera.exe (PID: 6168)
      • opera.exe (PID: 1828)
      • opera.exe (PID: 1292)
      • opera.exe (PID: 6712)
      • opera.exe (PID: 5536)
      • opera.exe (PID: 2976)
      • opera.exe (PID: 4012)
      • opera.exe (PID: 4968)
      • opera.exe (PID: 3532)
      • opera.exe (PID: 3896)
      • opera.exe (PID: 5320)
      • opera.exe (PID: 4580)
      • opera.exe (PID: 3560)
      • opera.exe (PID: 3840)
      • opera.exe (PID: 6200)
      • opera.exe (PID: 6552)
      • opera.exe (PID: 5460)
      • opera.exe (PID: 1512)
      • opera.exe (PID: 2072)
      • opera.exe (PID: 5804)
      • opera.exe (PID: 7084)
      • opera.exe (PID: 7164)
      • opera.exe (PID: 1480)
      • opera.exe (PID: 6936)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6348)
    • Manual execution by a user

      • OperaGXSetup.exe (PID: 6852)
      • Taskmgr.exe (PID: 5320)
      • Taskmgr.exe (PID: 3988)
    • Create files in a temporary directory

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 7068)
      • setup.exe (PID: 3420)
      • setup.exe (PID: 4648)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • installer.exe (PID: 6032)
      • installer.exe (PID: 7072)
      • opera.exe (PID: 4300)
    • The sample compiled with english language support

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 7068)
      • setup.exe (PID: 3420)
      • setup.exe (PID: 4648)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • installer.exe (PID: 7072)
      • installer.exe (PID: 6032)
    • Reads the computer name

      • setup.exe (PID: 6936)
      • assistant_installer.exe (PID: 6824)
      • opera.exe (PID: 6168)
      • opera.exe (PID: 2072)
    • Creates files or folders in the user directory

      • setup.exe (PID: 6936)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 3420)
      • installer.exe (PID: 6032)
      • opera.exe (PID: 4300)
      • opera.exe (PID: 4320)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6936)
      • opera.exe (PID: 4300)
    • Reads the software policy settings

      • setup.exe (PID: 6936)
    • Checks proxy server information

      • setup.exe (PID: 6936)
      • opera.exe (PID: 4300)
    • Process checks computer location settings

      • opera.exe (PID: 4300)
      • opera.exe (PID: 4580)
      • opera.exe (PID: 3532)
      • opera.exe (PID: 3896)
      • opera.exe (PID: 3560)
      • opera.exe (PID: 1512)
      • opera.exe (PID: 7164)
      • opera.exe (PID: 1480)
    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 3988)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2025:01:30 12:05:50
ZipCRC: 0xee91ed64
ZipCompressedSize: 3857585
ZipUncompressedSize: 4018688
ZipFileName: OperaGXSetup.exe
No data.
All screenshots are available in the full report
Total processes: 189
Monitored processes: 59
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start winrar.exe operagxsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe assistant_installer.exe assistant_installer.exe no specs installer.exe installer.exe UIAutomationCrossBitnessHook32 Class no specs taskmgr.exe no specs taskmgr.exe opera.exe no specs opera_crashreporter.exe no specs opera.exe no specs opera.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_gx_splash.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_autoupdate.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs comppkgsrv.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 836
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=9568,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=9572 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
PID: 1292
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=3100,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
116.0.5366.80
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\116.0.5366.80\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1480
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0 (Edition std-2)" --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7032,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7120 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
PID: 1512
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0 (Edition std-2)" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=6040,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
PID: 1828
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=2468,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\116.0.5366.80\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 2072
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --field-trial-handle=6964,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
PID: 2396
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=4980,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=8424 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
PID: 2420
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=5256,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
PID: 2756
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=8036,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
116.0.5366.80
PID: 2976
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=3256,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
116.0.5366.80
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\116.0.5366.80\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events: 12 759
Read events: 12 622
Write events: 130
Delete events: 7

Modification events

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\OperaGXSetup.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files: 25
Suspicious files: 640
Text files: 166
Unknown types: 9

Dropped files

PID | Process | Filename | Type

6976 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2501301137583826976.dll | executable
MD5: 50C59FEAE31EC36E5F5EC12FA08A5072
SHA256: 291A44E2302DCFB40E8C90676E6C21452094877513D7751E2590920E6B96574D

6936 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\Opera_GX_116.0.5366.80_Autoupdate_x64[1].exe | -
MD5:
SHA256:

6936 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501301137591\opera_package | -
MD5:
SHA256:

6936 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2501301137574286936.dll | executable
MD5: 50C59FEAE31EC36E5F5EC12FA08A5072
SHA256: 291A44E2302DCFB40E8C90676E6C21452094877513D7751E2590920E6B96574D

6348 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb6348.37367\OperaGXSetup.exe | executable
MD5: 1700DE3D048BDA3F6BB2A4EA272ECDA3
SHA256: FF60B8421F0B326AB40D7DEC8967EF0605076B72A64EEB300EE478163454C96C

6936 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | der
MD5: D26C035509187501C7ABDC4D26592BEC
SHA256: AC85351E74C7459F78EE0BA5FE1D6A89EF80BC1803E67A3DDB8F54CA16921D9B

6936 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5 | binary
MD5: 992E44FA123B86521301F5B90B825549
SHA256: 729AB3E06F85266CC6A4EBAAA70D044B402199F503C5E46DC6411265DD99C091

7068 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2501301137593357068.dll | executable
MD5: 50C59FEAE31EC36E5F5EC12FA08A5072
SHA256: 291A44E2302DCFB40E8C90676E6C21452094877513D7751E2590920E6B96574D

6936 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | der
MD5: C9BE626E9715952E9B70F92F912B9787
SHA256: C13E8D22800C200915F87F71C31185053E4E60CA25DE2E41E160E09CD2D815D4

6936 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8 | binary
MD5: 3B41DA9DD8851CE3BF3811C6B941A8C9
SHA256: D23E07F08DDC9C9E255FF4096DE1EB9CB964441AFDF1768843016F6FE613FEDD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 17
TCP/UDP connections: 98
DNS requests: 87
Threats: 20

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.18:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6936 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
7160 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6936 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D | unknown | whitelisted
7160 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6936 | setup.exe | GET | 200 | 142.250.186.131:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
6936 | setup.exe | GET | 200 | 142.250.186.131:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 2.21.65.132:443 | - | Akamai International B.V. | NL | unknown
4712 | MoUsoCoreWorker.exe | 2.16.164.18:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1076 | svchost.exe | 2.18.97.227:443 | go.microsoft.com | Akamai International B.V. | FR | whitelisted
5064 | SearchApp.exe | 2.19.122.22:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
1176 | svchost.exe | 20.190.160.64:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 2.16.164.18
  • 2.16.164.43
  • 2.16.164.9
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
go.microsoft.com
  • 2.18.97.227
whitelisted
www.bing.com
  • 2.19.122.22
  • 2.19.122.21
  • 2.19.122.15
  • 2.19.122.20
  • 2.19.122.13
  • 2.19.122.12
  • 2.19.122.25
  • 2.19.122.19
  • 2.19.122.16
whitelisted
login.live.com
  • 20.190.160.64
  • 40.126.32.68
  • 40.126.32.72
  • 20.190.160.14
  • 20.190.160.22
  • 20.190.160.130
  • 20.190.160.128
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted

Threats

PID | Process | Class | Message
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
Debug output

Process: assistant_installer.exe
Message: [0130/113848.174:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501301137591\assistant\assistant_installer.exe" --version