File name:

OperaGXSetup.exe

Full analysis: https://app.any.run/tasks/64f3d315-906a-423f-bda4-22c82423547a
Verdict: Malicious activity
Analysis date: May 25, 2025, 10:18:28
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

77B016ACC099260261781EC7AEFE9092

SHA1:

2DBD151645BE560346FC15629C5B761EA9ED836B

SHA256:

6DC7475C6371C095C96CECC49E1E4556FD69F2DBFED9BEEC08FBA9A3EF07DC81

SSDEEP:

98304:rwyWSeMgtSkIkyV9pZO5kKDrFdklfreUlb+xxda4AazGG1TiY2Zo9cWozNZK5D66:ruqXwbn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 2108)
      • setup.exe (PID: 5892)
      • setup.exe (PID: 904)
      • setup.exe (PID: 2980)
      • setup.exe (PID: 6068)
      • setup.exe (PID: 3768)

    • Application launched itself

      • setup.exe (PID: 904)
      • setup.exe (PID: 3768)

    • Starts itself from another location

      • setup.exe (PID: 904)

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 904)

    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 5892)
      • setup.exe (PID: 904)
      • setup.exe (PID: 3768)
      • setup.exe (PID: 6068)

  • INFO

    • Create files in a temporary directory

      • OperaGXSetup.exe (PID: 2108)
      • setup.exe (PID: 5892)
      • setup.exe (PID: 904)
      • setup.exe (PID: 2980)
      • setup.exe (PID: 3768)
      • setup.exe (PID: 6068)

    • Checks supported languages

      • OperaGXSetup.exe (PID: 2108)
      • setup.exe (PID: 904)
      • setup.exe (PID: 5892)
      • setup.exe (PID: 2980)
      • setup.exe (PID: 6068)
      • setup.exe (PID: 3768)

    • The sample compiled with english language support

      • setup.exe (PID: 904)
      • OperaGXSetup.exe (PID: 2108)
      • setup.exe (PID: 5892)
      • setup.exe (PID: 2980)
      • setup.exe (PID: 3768)
      • setup.exe (PID: 6068)

    • Reads the computer name

      • setup.exe (PID: 904)
      • setup.exe (PID: 3768)

    • Creates files or folders in the user directory

      • setup.exe (PID: 5892)
      • setup.exe (PID: 904)

    • Checks proxy server information

      • setup.exe (PID: 904)
      • slui.exe (PID: 2100)

    • Reads the machine GUID from the registry

      • setup.exe (PID: 904)

    • Reads the software policy settings

      • setup.exe (PID: 904)
      • slui.exe (PID: 2100)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 119.0.5497.43
ProductVersionNumber: 119.0.5497.43
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 119.0.5497.43
ProductVersion: 119.0.5497.43
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
132
Monitored processes
7
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start operagxsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
904C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe --server-tracking-blob=NjFjZmQ0MzdmYjk2ZTNhMWNlMDQ0ZjQ4ZDgzNmM3ODdiMTdkNjMxMGZiNDhiZGE0ZjUxOGE3MWZmZDM1NjhkNzp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9VU19TVlJfODg3NV9PT01fMTAwMiZlZGl0aW9uPXN0ZC0yJnV0bV9pZD01ZjRjYTFlNWQxMmE0Mzc1OTkxYWVhNTM2MDFjNzcyMyZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPTVmNGNhMWU1ZDEyYTQzNzU5OTFhZWE1MzYwMWM3NzIzJmRsX3Rva2VuPTM4NTkwMTU5IiwidGltZXN0YW1wIjoiMTc0ODE1MDU0My4xMzc4IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTM2LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fVVNfU1ZSXzg4NzVfT09NXzEwMDIiLCJpZCI6IjVmNGNhMWU1ZDEyYTQzNzU5OTFhZWE1MzYwMWM3NzIzIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjMxNGUwNjgxLWVjYzQtNGMzYi1hNjI4LWNhNmIwNDBlODg1NSJ9C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe
OperaGXSetup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
119.0.5497.43
Modules
Images
c:\users\admin\appdata\local\temp\7zsc38267d0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2100C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2108"C:\Users\admin\Desktop\OperaGXSetup.exe" C:\Users\admin\Desktop\OperaGXSetup.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Version:
119.0.5497.43
Modules
Images
c:\users\admin\desktop\operagxsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2980"C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --versionC:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
setup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
3768"C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=904 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250525101840" --session-guid=251996ba-a8ba-47a1-acfa-38890e0690c1 --server-tracking-blob="NWNmNzg1N2U1NzZlYzQwMDg3MGJjMmJkZmRlOTRhNzBiMDhiOTNiMDdiZWI2YTZhODRlZDFkYzY2ODMzOTRkZjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9VU19TVlJfODg3NV9PT01fMTAwMiZlZGl0aW9uPXN0ZC0yJnV0bV9pZD01ZjRjYTFlNWQxMmE0Mzc1OTkxYWVhNTM2MDFjNzcyMyZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPTVmNGNhMWU1ZDEyYTQzNzU5OTFhZWE1MzYwMWM3NzIzJmRsX3Rva2VuPTM4NTkwMTU5Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzQ4MTUwNTQzLjEzNzgiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzYuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9VU19TVlJfODg3NV9PT01fMTAwMiIsImlkIjoiNWY0Y2ExZTVkMTJhNDM3NTk5MWFlYTUzNjAxYzc3MjMiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiMzE0ZTA2ODEtZWNjNC00YzNiLWE2MjgtY2E2YjA0MGU4ODU1In0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=000A000000000000C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
119.0.5497.43
Modules
Images
c:\users\admin\appdata\local\temp\7zsc38267d0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
5892C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.43 --initial-client-data=0x298,0x29c,0x2a0,0x27c,0x2a4,0x7ffc89b3afc8,0x7ffc89b3afd4,0x7ffc89b3afe0C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
119.0.5497.43
Modules
Images
c:\users\admin\appdata\local\temp\7zsc38267d0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6068C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.43 --initial-client-data=0x2a8,0x2ac,0x2b0,0x278,0x2b4,0x7ffc87ceafc8,0x7ffc87ceafd4,0x7ffc87ceafe0C:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
119.0.5497.43
Modules
Images
c:\users\admin\appdata\local\temp\7zsc38267d0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
7 003
Read events
6 999
Write events
4
Delete events
0

Modification events

(PID) Process:(904) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(904) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(904) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3768) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:writeName:Last Opera GX Stable Install Path
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX\
Executable files
7
Suspicious files
2
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
5892setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2505251018393275892.dllexecutable
MD5:D623D87C2ED58AD04E84C7C3EF11E808
SHA256:926EE14BE53778F898C6E373FE551AB579775BD430C1ED6795AA953CD62D2F0F
904setup.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].jsonbinary
MD5:34EBABE182902DF1C9B280F6569426D7
SHA256:696E2A029623CC1CA27E8EC2032F93FD907BFE5AF2B1EA5BAAB1D28D99B18DAC
2980setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2505251018397962980.dllexecutable
MD5:D623D87C2ED58AD04E84C7C3EF11E808
SHA256:926EE14BE53778F898C6E373FE551AB579775BD430C1ED6795AA953CD62D2F0F
904setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_250525101839140904.dllexecutable
MD5:D623D87C2ED58AD04E84C7C3EF11E808
SHA256:926EE14BE53778F898C6E373FE551AB579775BD430C1ED6795AA953CD62D2F0F
904setup.exeC:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.datbinary
MD5:E65E02BDF5380D2FEBDBBE61941592E4
SHA256:39884F8368F71CAF6FF97BF3403601F9A48F21970CB4C92F5C644AB9E9E3ABF7
904setup.exeC:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeexecutable
MD5:F29A1A7634CA2EFA51A844292CC7D420
SHA256:9ADDA6B20811870E58C66639F379210A4117809F632EC71D74CCCDF2BE28C516
6068setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2505251018487966068.dllexecutable
MD5:D623D87C2ED58AD04E84C7C3EF11E808
SHA256:926EE14BE53778F898C6E373FE551AB579775BD430C1ED6795AA953CD62D2F0F
2108OperaGXSetup.exeC:\Users\admin\AppData\Local\Temp\7zSC38267D0\setup.exeexecutable
MD5:F29A1A7634CA2EFA51A844292CC7D420
SHA256:9ADDA6B20811870E58C66639F379210A4117809F632EC71D74CCCDF2BE28C516
3768setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2505251018469683768.dllexecutable
MD5:D623D87C2ED58AD04E84C7C3EF11E808
SHA256:926EE14BE53778F898C6E373FE551AB579775BD430C1ED6795AA953CD62D2F0F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
40
DNS requests
12
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
185.26.182.93:443
https://features.opera-api2.com/api/v2/features?country=LV&language=en&uuid=cacd942d-a781-46f3-8bab-49f0397d31d9&product=gx&channel=Stable&version=119.0.5497.43
unknown
binary
1.35 Kb
malicious
POST
200
185.26.182.124:443
https://autoupdate.opera.com/v5/netinstaller/gx/Stable/windows/x64
unknown
binary
1.71 Kb
whitelisted
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
unknown
text
36 b
whitelisted
GET
200
185.26.182.124:443
https://autoupdate.opera.com/me/
unknown
binary
46 b
whitelisted
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
unknown
text
36 b
whitelisted
6488
RUXIMICS.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
unknown
text
36 b
whitelisted
2104
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6488
RUXIMICS.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6488
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6488
RUXIMICS.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
6488
RUXIMICS.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
904
setup.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
Opera Software AS
NO
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
autoupdate.opera.com
  • 185.26.182.124
  • 185.26.182.123
whitelisted
features.opera-api2.com
  • 82.145.216.16
  • 82.145.216.15
  • 82.145.216.58
  • 82.145.216.59
malicious
api.config.opr.gg
  • 104.18.25.17
  • 104.18.24.17
unknown
download.opera.com
  • 82.145.216.48
  • 82.145.216.49
  • 82.145.216.24
  • 82.145.216.23
whitelisted
download5.operacdn.com
  • 104.18.10.89
  • 104.18.11.89
malicious

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO Outgoing Basic Auth Base64 HTTP Password detected unencrypted
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
OperaGXSetup.exe