File name: OperaGXSetup.zip

Full analysis: https://app.any.run/tasks/98e3d374-dea8-4d66-82db-552b21793d92
Verdict: Malicious activity
Analysis date: January 30, 2025, 11:37:25
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: A7ED9ABC5600F298C1CEA19789EFF772
SHA1: 5AB8F2DF199681B304028F7387EA0CE58978B47F
SHA256: 32F74DA6AEF3CB8CA407DD81F9C58E916B66C17742AD0CF1BA7E0DB7FA08D0F4
SSDEEP: 98304:x+8+DoA+2zfVLv45WuMmr9F2/OaSHtu7noBHkqFepqIHtgvcTMocFrzkurImVF3i:X4q9DxIpeMAw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6348)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 7068)
      • setup.exe (PID: 3420)
      • setup.exe (PID: 4648)
      • installer.exe (PID: 7072)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • installer.exe (PID: 6032)
    • Application launched itself

      • setup.exe (PID: 6936)
      • setup.exe (PID: 3420)
      • assistant_installer.exe (PID: 6824)
      • installer.exe (PID: 6032)
      • opera.exe (PID: 4300)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6936)
      • installer.exe (PID: 6032)
    • Starts itself from another location

      • setup.exe (PID: 6936)
    • Checks Windows Trust Settings

      • setup.exe (PID: 6936)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 6976)
      • setup.exe (PID: 6936)
    • Creates a software uninstall entry

      • installer.exe (PID: 6032)
    • Searches for installed software

      • installer.exe (PID: 6032)
    • Reads the date of Windows installation

      • installer.exe (PID: 6032)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 5300)
    • The process checks if it is being run in the virtual environment

      • opera.exe (PID: 4300)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6348)
    • Checks supported languages

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 7068)
      • assistant_installer.exe (PID: 6824)
      • installer.exe (PID: 7072)
      • assistant_installer.exe (PID: 6760)
      • installer.exe (PID: 6032)
      • setup.exe (PID: 3420)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • setup.exe (PID: 4648)
      • opera.exe (PID: 4320)
      • opera_crashreporter.exe (PID: 5604)
      • opera.exe (PID: 4300)
      • opera.exe (PID: 1292)
      • opera.exe (PID: 5536)
      • opera.exe (PID: 6712)
      • opera.exe (PID: 3532)
      • opera.exe (PID: 2976)
      • opera.exe (PID: 4012)
      • opera.exe (PID: 4968)
      • opera.exe (PID: 3896)
      • opera.exe (PID: 4580)
      • opera.exe (PID: 3560)
      • opera.exe (PID: 6168)
      • opera.exe (PID: 1828)
      • opera.exe (PID: 4544)
      • opera.exe (PID: 5460)
      • opera.exe (PID: 3840)
      • opera.exe (PID: 1512)
      • opera.exe (PID: 2072)
      • opera.exe (PID: 5320)
      • opera.exe (PID: 6200)
      • opera.exe (PID: 6552)
      • opera.exe (PID: 6936)
      • opera.exe (PID: 7084)
      • opera.exe (PID: 7164)
      • opera.exe (PID: 1480)
      • opera.exe (PID: 5804)
    • Manual execution by a user

      • OperaGXSetup.exe (PID: 6852)
      • Taskmgr.exe (PID: 3988)
      • Taskmgr.exe (PID: 5320)
    • Create files in a temporary directory

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 7068)
      • setup.exe (PID: 4648)
      • setup.exe (PID: 3420)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • installer.exe (PID: 6032)
      • installer.exe (PID: 7072)
      • opera.exe (PID: 4300)
    • The sample compiled with english language support

      • OperaGXSetup.exe (PID: 6852)
      • setup.exe (PID: 6976)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 7068)
      • setup.exe (PID: 3420)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 6876)
      • installer.exe (PID: 7072)
      • setup.exe (PID: 4648)
      • installer.exe (PID: 6032)
    • Reads the computer name

      • setup.exe (PID: 6936)
      • assistant_installer.exe (PID: 6824)
      • opera.exe (PID: 6168)
      • opera.exe (PID: 2072)
    • Creates files or folders in the user directory

      • setup.exe (PID: 6976)
      • setup.exe (PID: 6936)
      • setup.exe (PID: 3420)
      • installer.exe (PID: 6032)
      • opera.exe (PID: 4300)
      • opera.exe (PID: 4320)
    • Reads the software policy settings

      • setup.exe (PID: 6936)
    • Checks proxy server information

      • setup.exe (PID: 6936)
      • opera.exe (PID: 4300)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 6936)
      • opera.exe (PID: 4300)
    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 3988)
    • Process checks computer location settings

      • opera.exe (PID: 4300)
      • opera.exe (PID: 3896)
      • opera.exe (PID: 3532)
      • opera.exe (PID: 4580)
      • opera.exe (PID: 3560)
      • opera.exe (PID: 1512)
      • opera.exe (PID: 7164)
      • opera.exe (PID: 1480)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2025:01:30 12:05:50
ZipCRC: 0xee91ed64
ZipCompressedSize: 3857585
ZipUncompressedSize: 4018688
ZipFileName: OperaGXSetup.exe
No data.
All screenshots are available in the full report
Total processes: 189
Monitored processes: 59
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start winrar.exe operagxsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe assistant_installer.exe assistant_installer.exe no specs installer.exe installer.exe UIAutomationCrossBitnessHook32 Class no specs taskmgr.exe no specs taskmgr.exe opera.exe no specs opera_crashreporter.exe no specs opera.exe no specs opera.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_gx_splash.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_autoupdate.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs comppkgsrv.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs

Process information

PID: 836
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=9568,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=9572 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 116.0.5366.80

PID: 1292
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=3100,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Exit code: 0
Version: 116.0.5366.80
Modules (images):
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\116.0.5366.80\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll

PID: 1480
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0 (Edition std-2)" --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7032,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7120 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 116.0.5366.80

PID: 1512
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0 (Edition std-2)" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=6040,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 116.0.5366.80

PID: 1828
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=2468,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 116.0.5366.80
Modules (images):
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\116.0.5366.80\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll

PID: 2072
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --field-trial-handle=6964,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera GX Internet Browser
Version: 116.0.5366.80

PID: 2396
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=4980,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=8424 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 116.0.5366.80

PID: 2420
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=5256,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 116.0.5366.80

PID: 2756
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=8036,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Version: 116.0.5366.80

PID: 2976
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --field-trial-handle=3256,i,17900368676546746036,3727464900500596202,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Exit code: 0
Version: 116.0.5366.80
Modules (images):
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\116.0.5366.80\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events: 12 759
Read events: 12 622
Write events: 130
Delete events: 7

Modification events

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\OperaGXSetup.zip

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (6348) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files: 25
Suspicious files: 640
Text files: 166
Unknown types: 9

Dropped files

PID | Process | Filename | Type
6976 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2501301137583826976.dll | executable
  MD5: 50C59FEAE31EC36E5F5EC12FA08A5072
  SHA256: 291A44E2302DCFB40E8C90676E6C21452094877513D7751E2590920E6B96574D
6936 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\Opera_GX_116.0.5366.80_Autoupdate_x64[1].exe |
  MD5:
  SHA256:
6936 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501301137591\opera_package |
  MD5:
  SHA256:
6936 | setup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat | binary
  MD5: B873561171DD1FE43344DD59E58B274E
  SHA256: 34C572584FADF38096C00152311379C40B460A1FAC83F5F402616918E4E6377E
6936 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | executable
  MD5: 0964E495FE984BC57511AA48D131DB03
  SHA256: 587BF26AA9B6FC20E9B844B2EC9FD73CC30AE6B2DEEB33BCE082EA96DA719175
6852 | OperaGXSetup.exe | C:\Users\admin\AppData\Local\Temp\7zS4CA322D3\setup.exe | executable
  MD5: 0964E495FE984BC57511AA48D131DB03
  SHA256: 587BF26AA9B6FC20E9B844B2EC9FD73CC30AE6B2DEEB33BCE082EA96DA719175
6348 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb6348.37367\OperaGXSetup.exe | executable
  MD5: 1700DE3D048BDA3F6BB2A4EA272ECDA3
  SHA256: FF60B8421F0B326AB40D7DEC8967EF0605076B72A64EEB300EE478163454C96C
7068 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2501301137593357068.dll | executable
  MD5: 50C59FEAE31EC36E5F5EC12FA08A5072
  SHA256: 291A44E2302DCFB40E8C90676E6C21452094877513D7751E2590920E6B96574D
3420 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2501301138122343420.dll | executable
  MD5: 50C59FEAE31EC36E5F5EC12FA08A5072
  SHA256: 291A44E2302DCFB40E8C90676E6C21452094877513D7751E2590920E6B96574D
6936 | setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_9AD8E6D69BA520C5190A9B86E29789D5 | der
  MD5: 9526998AD235F3A724F2A66F5BC60C31
  SHA256: 9533E6F13F68684A9627D53035E7E23C594B274CC5A27E52EECAADC4465B0AB6
HTTP(S) requests: 17
TCP/UDP connections: 98
DNS requests: 87
Threats: 20

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.18:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6936 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D | unknown | whitelisted
6936 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | whitelisted
7160 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7160 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6936 | setup.exe | GET | 200 | 142.250.186.131:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
6936 | setup.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | whitelisted
2.21.65.132:443 | Akamai International B.V. | NL | unknown
4712 | MoUsoCoreWorker.exe | 2.16.164.18:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
1076 | svchost.exe | 2.18.97.227:443 | go.microsoft.com | Akamai International B.V. | FR | whitelisted
5064 | SearchApp.exe | 2.19.122.22:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
1176 | svchost.exe | 20.190.160.64:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 2.16.164.18
  • 2.16.164.43
  • 2.16.164.9
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
go.microsoft.com
  • 2.18.97.227
whitelisted
www.bing.com
  • 2.19.122.22
  • 2.19.122.21
  • 2.19.122.15
  • 2.19.122.20
  • 2.19.122.13
  • 2.19.122.12
  • 2.19.122.25
  • 2.19.122.19
  • 2.19.122.16
whitelisted
login.live.com
  • 20.190.160.64
  • 40.126.32.68
  • 40.126.32.72
  • 20.190.160.14
  • 20.190.160.22
  • 20.190.160.130
  • 20.190.160.128
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted

Threats

PID | Process | Class | Message
Generic Protocol Command Decode | SURICATA QUIC failed decrypt (10 identical events)
Process: assistant_installer.exe
Message: [0130/113848.174:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501301137591\assistant\assistant_installer.exe" --version