File name: OperaSetup.exe

Full analysis: https://app.any.run/tasks/887b426b-7aa2-4d8a-a6de-8da290ef903f
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: April 25, 2025, 01:26:44
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

17E50355AD9E372A8FD9BC347D047E78

SHA1:

ECB220618DAAA3F17958CDB5AB59179B0345711B

SHA256:

901458DB0EAD2A2C791760F5A2B4C8761537741FE07CC50E8C84955C1226337A

SSDEEP:

98304:VwyWSeMgt/5FKiIXWPuFaVzFXSaFujXZwUwN9Bw2XNgn8NAg0uzwcdt3rZ5IuUIJ:VJju

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • setup.exe (PID: 2616)
      • setup.exe (PID: 4756)
      • setup.exe (PID: 864)
      • setup.exe (PID: 4120)
    • Actions looks like stealing of personal data

      • setup.exe (PID: 2616)
      • setup.exe (PID: 4756)
      • setup.exe (PID: 864)
      • setup.exe (PID: 4120)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • setup.exe (PID: 2616)
      • setup.exe (PID: 4756)
      • OperaSetup.exe (PID: 5968)
      • setup.exe (PID: 6800)
      • setup.exe (PID: 4120)
      • setup.exe (PID: 864)
    • Application launched itself

      • setup.exe (PID: 2616)
      • setup.exe (PID: 4120)
    • Starts itself from another location

      • setup.exe (PID: 2616)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 2616)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 2616)
      • setup.exe (PID: 4120)
      • setup.exe (PID: 4756)
      • setup.exe (PID: 864)
  • INFO

    • Create files in a temporary directory

      • OperaSetup.exe (PID: 5968)
      • setup.exe (PID: 2616)
      • setup.exe (PID: 4756)
      • setup.exe (PID: 6800)
      • setup.exe (PID: 4120)
      • setup.exe (PID: 864)
    • Reads the computer name

      • setup.exe (PID: 2616)
      • setup.exe (PID: 4120)
    • Checks supported languages

      • OperaSetup.exe (PID: 5968)
      • setup.exe (PID: 4756)
      • setup.exe (PID: 2616)
      • setup.exe (PID: 6800)
      • setup.exe (PID: 4120)
      • setup.exe (PID: 864)
    • The sample compiled with english language support

      • OperaSetup.exe (PID: 5968)
      • setup.exe (PID: 4756)
      • setup.exe (PID: 2616)
      • setup.exe (PID: 6800)
      • setup.exe (PID: 4120)
      • setup.exe (PID: 864)
    • Creates files or folders in the user directory

      • setup.exe (PID: 2616)
      • setup.exe (PID: 4756)
    • Checks proxy server information

      • setup.exe (PID: 2616)
      • slui.exe (PID: 1672)
    • Reads the software policy settings

      • setup.exe (PID: 2616)
      • slui.exe (PID: 1672)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 2616)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:58:14+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 113152
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 118.0.5461.60
ProductVersionNumber: 118.0.5461.60
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 118.0.5461.60
ProductVersion: 118.0.5461.60
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
No data.
Total processes: 130
Monitored processes: 8
Malicious processes: 5
Suspicious processes: 0

Behavior graph

[Behavior graph nodes: operasetup.exe, setup.exe (5 instances), slui.exe, svchost.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 864
CMD: C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=118.0.5461.60 --initial-client-data=0x298,0x29c,0x2ac,0x260,0x2b0,0x7ffc8808d908,0x7ffc8808d914,0x7ffc8808d920
Path: C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\temp\7zs05771ba0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1672
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2196
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2616C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe --server-tracking-blob=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:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe
Parent process: OperaSetup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\temp\7zs05771ba0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4120"C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=0 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2616 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250425012655" --session-guid=674aafbe-55af-4191-9e93-0cc8ad494d93 --server-tracking-blob="NDExNzZmZmJjMWY2ZTAzOGRkODc0OWZiZDA4OGIyZmNiMjA0NDQ3NjM1NDE4OTc1NTEyZGQ3MjEwNjlkMjA2Mjp7ImNvdW50cnkiOiJVUyIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhIn0sInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9JTI4ZGlyZWN0JTI5JnV0bV9tZWRpdW09ZG9jJnV0bV9jYW1wYWlnbj0lMjhkaXJlY3QlMjkmaHR0cF9yZWZlcnJlcj1taXNzaW5nJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGYnJvd3NlcnMmZGxfdG9rZW49MjgxNDI1MDYiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3NDU1NDQzNjAuNzA3MSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjIuMC4wLjAgU2FmYXJpLzUzNy4zNiBFZGcvMTIyLjAuMC4wIiwidXRtIjp7ImNhbXBhaWduIjoiKGRpcmVjdCkiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS9icm93c2VycyIsIm1lZGl1bSI6ImRvYyIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiIoZGlyZWN0KSJ9LCJ1dWlkIjoiYjhkZWQwYWEtM2ExNy00OGRmLTkwOWYtNjIwMGM4NTgxZTg5In0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=040A000000000000C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\temp\7zs05771ba0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 4756
CMD: C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=118.0.5461.60 --initial-client-data=0x2a0,0x2a4,0x2a8,0x26c,0x2ac,0x7ffc89a6d908,0x7ffc89a6d914,0x7ffc89a6d920
Path: C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
118.0.5461.60
Modules
Images
c:\users\admin\appdata\local\temp\7zs05771ba0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 5968
CMD: "C:\Users\admin\Desktop\OperaSetup.exe"
Path: C:\Users\admin\Desktop\OperaSetup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Version:
118.0.5461.60
Modules
Images
c:\users\admin\desktop\operasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6800
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
Parent process: setup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 7 033
Read events: 7 029
Write events: 4
Delete events: 0

Modification events

(PID) Process: (2616) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2616) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2616) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (4120) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera\

Executable files: 7
Suspicious files: 2
Text files: 0
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 2616
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
Type: executable
MD5:38803F9C3C21BF17C4B85BA10E1B3860
SHA256:960E21547F2D762E33D08AF8515E38213CCF2A053BA9C3FCBAE02999A96DE281
PID: 5968
Process: OperaSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zS05771BA0\setup.exe
Type: executable
MD5:38803F9C3C21BF17C4B85BA10E1B3860
SHA256:960E21547F2D762E33D08AF8515E38213CCF2A053BA9C3FCBAE02999A96DE281
PID: 2616
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].json
Type: binary
MD5:06CBAD09CA1E351266983AED895CFE45
SHA256:6B802A0F8629F568D38D1A2CD591F31630E9DF8475103C24667F82F36DFDF49A
PID: 4756
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2504250126546114756.dll
Type: executable
MD5:55CEC3336E5ED25B591AE49FB363A94C
SHA256:CF3D6B4A391325A017E5E5677CC2B3F7025B492FE61CAD3DBBC1C17896D07006
PID: 4120
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2504250127074874120.dll
Type: executable
MD5:55CEC3336E5ED25B591AE49FB363A94C
SHA256:CF3D6B4A391325A017E5E5677CC2B3F7025B492FE61CAD3DBBC1C17896D07006
PID: 2616
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2504250126529092616.dll
Type: executable
MD5:55CEC3336E5ED25B591AE49FB363A94C
SHA256:CF3D6B4A391325A017E5E5677CC2B3F7025B492FE61CAD3DBBC1C17896D07006
PID: 864
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_250425012707705864.dll
Type: executable
MD5:55CEC3336E5ED25B591AE49FB363A94C
SHA256:CF3D6B4A391325A017E5E5677CC2B3F7025B492FE61CAD3DBBC1C17896D07006
PID: 6800
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2504250126550336800.dll
Type: executable
MD5:55CEC3336E5ED25B591AE49FB363A94C
SHA256:CF3D6B4A391325A017E5E5677CC2B3F7025B492FE61CAD3DBBC1C17896D07006
PID: 2616
Process: setup.exe
Filename: C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Type: binary
MD5:2FA3FDD414B4187FD75436FF92F8012B
SHA256:49A8BD3330B2E8DED0A09F93809907F94E4096DF753CD00424D88422F09A8A27
HTTP(S) requests: 54
TCP/UDP connections: 71
DNS requests: 23
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2104
svchost.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
404
104.18.24.17:443
https://api.config.opr.gg/v0/config?utm_campaign=(direct)&utm_medium=doc&utm_source=(direct)&product=&channel=Stable&client=netinstaller&edition=
unknown
GET
302
3.67.235.61:443
https://download.opera.com/download/get/?id=71205&autoupdate=1&ni=1&stream=stable&utm_campaign=(direct)&utm_lastpage=opera.com/browsers&utm_medium=doc&utm_site=opera_com&utm_source=(direct)&niuid=b8ded0aa-3a17-48df-909f-6200c8581e89
unknown
GET
104.18.10.89:443
https://download5.operacdn.com/ftp/pub/opera/desktop/118.0.5461.60/win/Opera_118.0.5461.60_Autoupdate_x64.exe
unknown
GET
304
20.109.210.53:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
GET
200
185.26.182.124:443
https://autoupdate.opera.com/me/
unknown
binary
46 b
whitelisted
POST
200
40.126.32.134:443
https://login.live.com/RST2.srf
unknown
xml
1.24 Kb
whitelisted
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
unknown
text
36 b
whitelisted
POST
200
185.26.182.123:443
https://autoupdate.opera.com/v5/netinstaller/opera/Stable/windows/x64
unknown
binary
1.17 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
2104
svchost.exe
2.16.164.120:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
2104
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2616
setup.exe
82.145.216.19:443
autoupdate.opera.com
Opera Software AS
NO
whitelisted
2616
setup.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
Opera Software AS
NO
whitelisted
6544
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2616
setup.exe
104.18.24.17:443
api.config.opr.gg
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.110
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
  • 23.55.236.142
  • 23.55.236.139
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 2.23.181.156
whitelisted
autoupdate.opera.com
  • 82.145.216.19
  • 82.145.216.20
  • 82.145.216.47
  • 82.145.216.46
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
login.live.com
  • 20.190.159.23
  • 20.190.159.71
  • 40.126.31.3
  • 40.126.31.73
  • 20.190.159.129
  • 20.190.159.130
  • 40.126.31.130
  • 40.126.31.71
whitelisted
api.config.opr.gg
  • 104.18.24.17
  • 104.18.25.17
unknown
features.opera-api2.com
  • 185.26.182.94
  • 185.26.182.93
  • 185.26.182.111
  • 185.26.182.112
  • 185.26.182.118
  • 185.26.182.106
malicious

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO Outgoing Basic Auth Base64 HTTP Password detected unencrypted