File name:

OperaGXSetup.exe

Full analysis: https://app.any.run/tasks/1d7d2614-773f-4e86-a79c-80424868c096
Verdict: Malicious activity
Analysis date: April 23, 2025, 03:22:57
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

FAE5A9F68979F05BE51FC09C7189BAE7

SHA1:

6FB50FBDB369D543B725DC6EA5D8F25ADB279769

SHA256:

9C9168C6697BA0BB07DF5E33E0C3C0C7BEF2399E15DF65FE42AC71941050B71B

SSDEEP:

98304:twyWSeMgtziERl2kuI0i/s5cunLn2Pl2WzqZuaPK/LxGXekOZ8MvwjeS4emhPAZe:tb9JoKq7BP1F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Application launched itself

      • setup.exe (PID: 6712)
      • setup.exe (PID: 5376)

    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 2320)
      • setup.exe (PID: 6040)
      • setup.exe (PID: 6712)
      • setup.exe (PID: 4008)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 6944)

    • Starts itself from another location

      • setup.exe (PID: 6712)

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 6712)

    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 6712)
      • setup.exe (PID: 6040)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 6944)

  • INFO

    • Create files in a temporary directory

      • OperaGXSetup.exe (PID: 2320)
      • setup.exe (PID: 6040)
      • setup.exe (PID: 4008)
      • setup.exe (PID: 6712)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 6944)

    • Checks supported languages

      • setup.exe (PID: 6040)
      • setup.exe (PID: 6712)
      • OperaGXSetup.exe (PID: 2320)
      • setup.exe (PID: 4008)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 6944)

    • Reads the computer name

      • setup.exe (PID: 6712)
      • setup.exe (PID: 5376)

    • The sample compiled with english language support

      • OperaGXSetup.exe (PID: 2320)
      • setup.exe (PID: 6040)
      • setup.exe (PID: 6712)
      • setup.exe (PID: 4008)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 6944)

    • Creates files or folders in the user directory

      • setup.exe (PID: 6040)
      • setup.exe (PID: 6712)

    • Checks proxy server information

      • setup.exe (PID: 6712)
      • slui.exe (PID: 5400)

    • Reads the machine GUID from the registry

      • setup.exe (PID: 6712)

    • Reads the software policy settings

      • setup.exe (PID: 6712)
      • slui.exe (PID: 5400)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:59:19+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 92672
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 118.0.5461.50
ProductVersionNumber: 118.0.5461.50
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 118.0.5461.50
ProductVersion: 118.0.5461.50
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
127
Monitored processes
8
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start operagxsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe slui.exe svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2320"C:\Users\admin\Desktop\OperaGXSetup.exe" C:\Users\admin\Desktop\OperaGXSetup.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Version:
118.0.5461.50
Modules
Images
c:\users\admin\desktop\operagxsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4008"C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --versionC:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
setup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
5376"C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6712 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250423032308" --session-guid=6f2e6970-00ab-49d1-a0af-128c288314cf --server-tracking-blob=ODg4MzliMDM5YzcyY2Q2YjQ0MWQ0ZDVlNjIyNjU1MjQ0MmI4M2M0MzU3NmE4Y2NlNTJkZGY1OGFkMGYxY2IxOTp7ImNvdW50cnkiOiJERSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT10cmsuaml1d2VydC5vbmxpbmUmdXRtX21lZGl1bT1yb2MmdXRtX2NhbXBhaWduPSUyOG5vbmUlMjkmdXRtX2NvbnRlbnQ9JTJGJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ0cmsuaml1d2VydC5vbmxpbmUlMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49Njk5MDA5OTIiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3NDUzNzg1MjQuOTA0NSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjIuMC4wLjAgU2FmYXJpLzUzNy4zNiBFZGcvMTIyLjAuMC4wIiwidXRtIjp7ImNhbXBhaWduIjoiKG5vbmUpIiwiY29udGVudCI6Ii8iLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJyb2MiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoidHJrLmppdXdlcnQub25saW5lIn0sInV1aWQiOiI4MDBiZDdhMC02OTA0LTQyOGItODhjOC0wYTk0ZTAxNjIwZmEifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=100A000000000000C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
118.0.5461.50
Modules
Images
c:\users\admin\appdata\local\temp\7zs019838a0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
5400C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6040C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=118.0.5461.50 --initial-client-data=0x2a4,0x2a8,0x2ac,0x27c,0x2b0,0x7ffc898b1b08,0x7ffc898b1b14,0x7ffc898b1b20C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
118.0.5461.50
Modules
Images
c:\users\admin\appdata\local\temp\7zs019838a0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6712C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe --server-tracking-blob=MzBlNTM4MmQ5ZjIwMDQ5NTgxOWQwNzhiZTNmYWVlMzU0MTFmYmQxNWI0OGRhNjg3ODEzYjI4YWJlNjZlODQyZjp7ImNvdW50cnkiOiJERSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT10cmsuaml1d2VydC5vbmxpbmUmdXRtX21lZGl1bT1yb2MmdXRtX2NhbXBhaWduPSUyOG5vbmUlMjkmdXRtX2NvbnRlbnQ9JTJGJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ0cmsuaml1d2VydC5vbmxpbmUlMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49Njk5MDA5OTIiLCJ0aW1lc3RhbXAiOiIxNzQ1Mzc4NTI0LjkwNDUiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIyLjAuMC4wIFNhZmFyaS81MzcuMzYgRWRnLzEyMi4wLjAuMCIsInV0bSI6eyJjYW1wYWlnbiI6Iihub25lKSIsImNvbnRlbnQiOiIvIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicm9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6InRyay5qaXV3ZXJ0Lm9ubGluZSJ9LCJ1dWlkIjoiODAwYmQ3YTAtNjkwNC00MjhiLTg4YzgtMGE5NGUwMTYyMGZhIn0=C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe
OperaGXSetup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
118.0.5461.50
Modules
Images
c:\users\admin\appdata\local\temp\7zs019838a0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6944C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=118.0.5461.50 --initial-client-data=0x2a0,0x2b0,0x2b4,0x27c,0x2b8,0x7ffc876a1b08,0x7ffc876a1b14,0x7ffc876a1b20C:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Version:
118.0.5461.50
Modules
Images
c:\users\admin\appdata\local\temp\7zs019838a0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
7 002
Read events
6 998
Write events
4
Delete events
0

Modification events

(PID) Process:(6712) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6712) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6712) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(5376) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:writeName:Last Opera GX Stable Install Path
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX\
Executable files
7
Suspicious files
2
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
6040setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2504230323083236040.dllexecutable
MD5:E13B6E22A730749CE873AB0E0FB90102
SHA256:586E8FDB468AA5487C260B67471CD5F0021574D274D70A6002C7D701AC58A899
2320OperaGXSetup.exeC:\Users\admin\AppData\Local\Temp\7zS019838A0\setup.exeexecutable
MD5:DAD57F965E6DD0B023022676AD53EBFC
SHA256:455575443446B5A97071EB6D0C80AE46D6E35231F3D46E6B815A8AFEE65E331B
6944setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2504230323182926944.dllexecutable
MD5:E13B6E22A730749CE873AB0E0FB90102
SHA256:586E8FDB468AA5487C260B67471CD5F0021574D274D70A6002C7D701AC58A899
6712setup.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].jsonbinary
MD5:87C938A79ADD782AEF69F4020E0771DE
SHA256:E211827FD08F17EFE3FBAD22879B35346F4B5DFB7D126E834A37E81C24BF608D
6712setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2504230323080276712.dllexecutable
MD5:E13B6E22A730749CE873AB0E0FB90102
SHA256:586E8FDB468AA5487C260B67471CD5F0021574D274D70A6002C7D701AC58A899
6712setup.exeC:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.datbinary
MD5:116AC5F7CF6E316CE8B0B076BD2830F3
SHA256:49952BB046ED3B5B65D8DBB901DE209E1178ECE1F226B55ED077EAA3EE101514
6712setup.exeC:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeexecutable
MD5:DAD57F965E6DD0B023022676AD53EBFC
SHA256:455575443446B5A97071EB6D0C80AE46D6E35231F3D46E6B815A8AFEE65E331B
4008setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2504230323086994008.dllexecutable
MD5:E13B6E22A730749CE873AB0E0FB90102
SHA256:586E8FDB468AA5487C260B67471CD5F0021574D274D70A6002C7D701AC58A899
5376setup.exeC:\Users\admin\AppData\Local\Temp\Opera_installer_2504230323180275376.dllexecutable
MD5:E13B6E22A730749CE873AB0E0FB90102
SHA256:586E8FDB468AA5487C260B67471CD5F0021574D274D70A6002C7D701AC58A899
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
44
TCP/UDP connections
61
DNS requests
20
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
404
104.18.25.17:443
https://api.config.opr.gg/v0/config?utm_campaign=(none)&utm_medium=roc&utm_source=trk.jiuwert.online&product=gx&channel=Stable&client=netinstaller&edition=
unknown
unknown
GET
302
3.65.213.250:443
https://download.opera.com/download/get/?id=71145&autoupdate=1&ni=1&stream=stable&utm_campaign=(none)&utm_content=/&utm_lastpage=opera.com/&utm_medium=roc&utm_site=opera_com&utm_source=trk.jiuwert.online&niuid=800bd7a0-6904-428b-88c8-0a94e01620fa
unknown
unknown
GET
104.18.10.89:443
https://download5.operacdn.com/ftp/pub/opera_gx/118.0.5461.50/win/Opera_GX_118.0.5461.50_Autoupdate_x64.exe
unknown
unknown
GET
304
20.12.23.50:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
unknown
GET
200
20.12.23.50:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
unknown
2136
SIHClient.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
2136
SIHClient.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2136
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
2136
SIHClient.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
2136
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6712
setup.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
Opera Software AS
NO
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6712
setup.exe
82.145.216.46:443
autoupdate.opera.com
Opera Software AS
NO
whitelisted
6712
setup.exe
104.18.24.17:443
api.config.opr.gg
CLOUDFLARENET
unknown
6712
setup.exe
82.145.216.49:443
download.opera.com
Opera Software AS
NO
whitelisted
6712
setup.exe
104.18.11.89:443
download5.operacdn.com
CLOUDFLARENET
malicious
6712
setup.exe
185.26.182.111:443
features.opera-api2.com
Opera Software AS
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.78
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
autoupdate.opera.com
  • 82.145.216.46
  • 82.145.216.47
  • 82.145.216.20
  • 82.145.216.19
whitelisted
api.config.opr.gg
  • 104.18.24.17
  • 104.18.25.17
unknown
download.opera.com
  • 82.145.216.49
  • 82.145.216.48
  • 82.145.216.24
  • 82.145.216.23
whitelisted
download5.operacdn.com
  • 104.18.11.89
  • 104.18.10.89
malicious
features.opera-api2.com
  • 185.26.182.111
  • 185.26.182.106
  • 185.26.182.112
  • 185.26.182.93
  • 185.26.182.94
  • 185.26.182.118
malicious
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO Outgoing Basic Auth Base64 HTTP Password detected unencrypted
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
OperaGXSetup.exe