File name:

OperaGXSetup.exe

Full analysis: https://app.any.run/tasks/f05d3f25-ec5a-4722-b1cc-19e40cc8f706
Verdict: Malicious activity
Analysis date: September 04, 2024, 16:59:01
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

0442B0B1F1C66652B51811B11F893BA0

SHA1:

9F71AF6425B4E31059C52BFF56F5BBCB4B3D7957

SHA256:

72900E3E5A2105B1C8420C343D6FF4348805969AF8802AEE60E40B29D23676BA

SSDEEP:

98304:0wyWSeMgtb75V00fW1PY2DX8NM2gBwOX/4luOJU/PjdmacVV7KQrrzQgdxr+hAQF:0AWXl0piN7jJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 1288)
      • setup.exe (PID: 6836)
      • setup.exe (PID: 7040)
      • setup.exe (PID: 3784)
      • setup.exe (PID: 6872)
      • setup.exe (PID: 7152)

    • Application launched itself

      • setup.exe (PID: 7040)
      • setup.exe (PID: 6872)

    • Starts itself from another location

      • setup.exe (PID: 7040)

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 7040)

    • Checks Windows Trust Settings

      • setup.exe (PID: 7040)

  • INFO

    • Checks supported languages

      • OperaGXSetup.exe (PID: 1288)
      • setup.exe (PID: 6836)
      • setup.exe (PID: 7040)
      • setup.exe (PID: 3784)
      • setup.exe (PID: 7152)
      • setup.exe (PID: 6872)

    • Create files in a temporary directory

      • OperaGXSetup.exe (PID: 1288)
      • setup.exe (PID: 7040)
      • setup.exe (PID: 6836)
      • setup.exe (PID: 3784)
      • setup.exe (PID: 6872)
      • setup.exe (PID: 7152)

    • Reads the computer name

      • setup.exe (PID: 7040)
      • setup.exe (PID: 6872)

    • Creates files or folders in the user directory

      • setup.exe (PID: 7040)
      • setup.exe (PID: 6836)

    • Checks proxy server information

      • setup.exe (PID: 7040)

    • Reads the machine GUID from the registry

      • setup.exe (PID: 7040)

    • Reads the software policy settings

      • setup.exe (PID: 7040)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 112.0.5197.104
ProductVersionNumber: 112.0.5197.104
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 112.0.5197.104
ProductVersion: 112.0.5197.104
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2024
Productname: Opera installer
Stream: Stable
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
126
Monitored processes
6
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start operagxsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe

Process information

PID
CMD
Path
Indicators
Parent process
1288"C:\Users\admin\Desktop\OperaGXSetup.exe" C:\Users\admin\Desktop\OperaGXSetup.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Version:
112.0.5197.104
Modules
Images
c:\users\admin\desktop\operagxsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
3784"C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --versionC:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
setup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
6836C:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.104 --initial-client-data=0x338,0x33c,0x340,0x300,0x344,0x74421b54,0x74421b60,0x74421b6cC:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
112.0.5197.104
Modules
Images
c:\users\admin\appdata\local\temp\7zs805a13f2\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
6872"C:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7040 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240904165912" --session-guid=fec2c22e-dccc-4b45-8830-8f82c2eb150e --server-tracking-blob="ZmYzZWI3MGQ3MzRjYTU4NzYyM2EzYTQ4MDYwOTg0YTYzN2UzMTJiMmFiZmNhYTgzMWYxNjY2NDY3MzIwZWNlZDp7ImNvdW50cnkiOiJERSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1Mb290bGFicyZ1dG1fbWVkaXVtPXBhJnV0bV9jYW1wYWlnbj1Mb290bGFic19ERSZ1dG1fY29udGVudD0xMDE1ODcwJnV0bV9pZD03MTAyNDE2NTE4MTE5NTE0NjUmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRmxvb3QtbGluay5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1sb290LWxpbmsuY29tJTJGJmRsX3Rva2VuPTk2NzA0ODM0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzI0OTA5Mzg0LjI5NjQiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjkuMCIsInV0bSI6eyJjYW1wYWlnbiI6Ikxvb3RsYWJzX0RFIiwiY29udGVudCI6IjEwMTU4NzAiLCJpZCI6IjcxMDI0MTY1MTgxMTk1MTQ2NSIsImxhc3RwYWdlIjoibG9vdC1saW5rLmNvbS8iLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJMb290bGFicyJ9LCJ1dWlkIjoiNTllZTBkZWItZTBmNC00YjZiLTg4YmEtM2EzMDBmODQ0NDJkIn0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=700A000000000000C:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
112.0.5197.104
Modules
Images
c:\users\admin\appdata\local\temp\7zs805a13f2\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
7040C:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe --server-tracking-blob=N2I5YjQ1MmU0MWRhMzM2YmE1OWE3N2QzODNlODg3ZTJkMzdkNzBiOWQ4MDA5NjliNTcxOTNiOGJhZDliNWRiMDp7ImNvdW50cnkiOiJERSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1Mb290bGFicyZ1dG1fbWVkaXVtPXBhJnV0bV9jYW1wYWlnbj1Mb290bGFic19ERSZ1dG1fY29udGVudD0xMDE1ODcwJnV0bV9pZD03MTAyNDE2NTE4MTE5NTE0NjUmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRmxvb3QtbGluay5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1sb290LWxpbmsuY29tJTJGJmRsX3Rva2VuPTk2NzA0ODM0IiwidGltZXN0YW1wIjoiMTcyNDkwOTM4NC4yOTY0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTI5LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTI5LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJMb290bGFic19ERSIsImNvbnRlbnQiOiIxMDE1ODcwIiwiaWQiOiI3MTAyNDE2NTE4MTE5NTE0NjUiLCJsYXN0cGFnZSI6Imxvb3QtbGluay5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiTG9vdGxhYnMifSwidXVpZCI6IjU5ZWUwZGViLWUwZjQtNGI2Yi04OGJhLTNhMzAwZjg0NDQyZCJ9C:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe
OperaGXSetup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
112.0.5197.104
Modules
Images
c:\users\admin\appdata\local\temp\7zs805a13f2\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
7152C:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.104 --initial-client-data=0x348,0x34c,0x350,0x314,0x354,0x71d11b54,0x71d11b60,0x71d11b6cC:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
112.0.5197.104
Modules
Images
c:\users\admin\appdata\local\temp\7zs805a13f2\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
Total events
3 571
Read events
3 567
Write events
4
Delete events
0

Modification events

(PID) Process:(7040) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7040) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7040) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6872) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:writeName:Last Opera GX Stable Install Path
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX\
Executable files
7
Suspicious files
2
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
7040setup.exeC:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeexecutable
MD5:B4DA1657D31832C9965D54C5037A3402
SHA256:563FCD4CA2678DDB6C1366C92AA4DAA410D7EBA73D68D9336FB967F732770C8D
7040setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2409041659114947040.dllexecutable
MD5:E730BD98EB4754F9C0ABD490461FBF1D
SHA256:0129372834853DB0B565C20CCEB3781A021FD7893D44D045F2AE671477A6A92A
1288OperaGXSetup.exeC:\Users\admin\AppData\Local\Temp\7zS805A13F2\setup.exeexecutable
MD5:B4DA1657D31832C9965D54C5037A3402
SHA256:563FCD4CA2678DDB6C1366C92AA4DAA410D7EBA73D68D9336FB967F732770C8D
7152setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2409041659211357152.dllexecutable
MD5:E730BD98EB4754F9C0ABD490461FBF1D
SHA256:0129372834853DB0B565C20CCEB3781A021FD7893D44D045F2AE671477A6A92A
7040setup.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].jsonbinary
MD5:A006C7A69F5396C594D23EFEA8A6F488
SHA256:D5C4E1D52C6E19D0DEC0E2799C38C6D9404601A3AFB90B01AE7987EB824262F8
7040setup.exeC:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.datbinary
MD5:C5AF5E73531A73FD86933C87193EF35C
SHA256:FCBAA7720390A5FCCE1AAF202BB6C784FC377EBCCF14025BD763BDB8218EFFF4
6836setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2409041659118696836.dllexecutable
MD5:E730BD98EB4754F9C0ABD490461FBF1D
SHA256:0129372834853DB0B565C20CCEB3781A021FD7893D44D045F2AE671477A6A92A
3784setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2409041659123063784.dllexecutable
MD5:E730BD98EB4754F9C0ABD490461FBF1D
SHA256:0129372834853DB0B565C20CCEB3781A021FD7893D44D045F2AE671477A6A92A
6872setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2409041659208066872.dllexecutable
MD5:E730BD98EB4754F9C0ABD490461FBF1D
SHA256:0129372834853DB0B565C20CCEB3781A021FD7893D44D045F2AE671477A6A92A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
35
DNS requests
9
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2248
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6612
RUXIMICS.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2120
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
404
104.18.24.17:443
https://api.config.opr.gg/v0/config?utm_campaign=Lootlabs_DE&utm_medium=pa&utm_source=Lootlabs&product=gx&channel=Stable&client=netinstaller&edition=
unknown
GET
302
3.125.90.140:443
https://download.opera.com/download/get/?id=67523&autoupdate=1&ni=1&stream=stable&utm_campaign=Lootlabs_DE&utm_content=1015870&utm_id=710241651811951465&utm_lastpage=loot-link.com/&utm_medium=pa&utm_site=opera_com&utm_source=Lootlabs&niuid=59ee0deb-e0f4-4b6b-88ba-3a300f84442d
unknown
GET
104.18.10.89:443
https://download5.operacdn.com/ftp/pub/opera_gx/112.0.5197.115/win/Opera_GX_112.0.5197.115_Autoupdate_x64.exe
unknown
GET
302
3.125.90.140:443
https://download.opera.com/download/get/?id=67523&autoupdate=1&ni=1&stream=stable&utm_campaign=Lootlabs_DE&utm_content=1015870&utm_id=710241651811951465&utm_lastpage=loot-link.com/&utm_medium=pa&utm_site=opera_com&utm_source=Lootlabs&niuid=59ee0deb-e0f4-4b6b-88ba-3a300f84442d
unknown
GET
104.18.11.89:443
https://download5.operacdn.com/ftp/pub/opera_gx/112.0.5197.115/win/Opera_GX_112.0.5197.115_Autoupdate_x64.exe
unknown
GET
104.18.10.89:443
https://download5.operacdn.com/ftp/pub/opera_gx/112.0.5197.115/win/Opera_GX_112.0.5197.115_Autoupdate_x64.exe
unknown
GET
302
3.125.90.140:443
https://download.opera.com/download/get/?id=67523&autoupdate=1&ni=1&stream=stable&utm_campaign=Lootlabs_DE&utm_content=1015870&utm_id=710241651811951465&utm_lastpage=loot-link.com/&utm_medium=pa&utm_site=opera_com&utm_source=Lootlabs&niuid=59ee0deb-e0f4-4b6b-88ba-3a300f84442d
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6612
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
192.168.100.255:138
whitelisted
2120
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2248
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2248
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6612
RUXIMICS.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2120
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7040
setup.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
Opera Software AS
NO
whitelisted
7040
setup.exe
185.26.182.124:443
autoupdate.geo.opera.com
Opera Software AS
whitelisted
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.78
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
autoupdate.geo.opera.com
  • 185.26.182.124
  • 185.26.182.123
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
api.config.opr.gg
  • 104.18.25.17
  • 104.18.24.17
unknown
features.opera-api2.com
  • 82.145.216.16
  • 82.145.216.15
malicious
download.opera.com
  • 82.145.216.24
  • 82.145.216.23
whitelisted
download5.operacdn.com
  • 104.18.10.89
  • 104.18.11.89
malicious

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
OperaGXSetup.exe