File name: OperaSetup.exe

Full analysis: https://app.any.run/tasks/c869bdc6-ebcb-44ff-88f9-602451182e86
Verdict: Malicious activity
Threats:

Stealers are a class of malicious software intended to gain unauthorized access to users’ information and transfer it to the attacker. The category includes various types of programs, each focused on a particular kind of data, including files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: March 24, 2025, 16:40:18
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 4F401227F0F9EFD845030A62E7A01CCA
SHA1: 794DCAC65B4741E4C148361639A289BD0A429450
SHA256: 71A915A18B8E5A5B7EE6D07A03805D2EAB9A4449B45C53B195F6B5DC0F1FE078
SSDEEP: 98304:IwyWSeMgt6Uo960SJkvHF7W13iMHxI82n6mKYptzRbk8G0LZAYoz9ZMnuMB2FDRh:Ir6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • setup.exe (PID: 7744)
      • setup.exe (PID: 7768)
      • setup.exe (PID: 8136)
      • setup.exe (PID: 8068)
    • Actions looks like stealing of personal data

      • setup.exe (PID: 7744)
      • setup.exe (PID: 7768)
      • setup.exe (PID: 8136)
      • setup.exe (PID: 8068)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaSetup.exe (PID: 7660)
      • setup.exe (PID: 7744)
      • setup.exe (PID: 7768)
      • setup.exe (PID: 7864)
      • setup.exe (PID: 8068)
      • setup.exe (PID: 8136)
    • Application launched itself

      • setup.exe (PID: 7744)
      • setup.exe (PID: 8068)
    • Starts itself from another location

      • setup.exe (PID: 7744)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 7744)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 7744)
      • setup.exe (PID: 8068)
      • setup.exe (PID: 7768)
      • setup.exe (PID: 8136)
  • INFO

    • Create files in a temporary directory

      • setup.exe (PID: 7744)
      • OperaSetup.exe (PID: 7660)
      • setup.exe (PID: 7768)
      • setup.exe (PID: 7864)
      • setup.exe (PID: 8068)
      • setup.exe (PID: 8136)
    • Checks supported languages

      • OperaSetup.exe (PID: 7660)
      • setup.exe (PID: 7768)
      • setup.exe (PID: 7744)
      • setup.exe (PID: 7864)
      • setup.exe (PID: 8068)
      • setup.exe (PID: 8136)
    • The sample compiled with english language support

      • OperaSetup.exe (PID: 7660)
      • setup.exe (PID: 7768)
      • setup.exe (PID: 7744)
      • setup.exe (PID: 7864)
    • Reads the computer name

      • setup.exe (PID: 7744)
      • setup.exe (PID: 8068)
    • Creates files or folders in the user directory

      • setup.exe (PID: 7768)
      • setup.exe (PID: 7744)
    • Reads the software policy settings

      • setup.exe (PID: 7744)
      • slui.exe (PID: 1188)
    • Checks proxy server information

      • setup.exe (PID: 7744)
      • slui.exe (PID: 1188)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 7744)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:12 14:58:14+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 238080
InitializedDataSize: 113152
UninitializedDataSize: -
EntryPoint: 0x213c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 117.0.5408.142
ProductVersionNumber: 117.0.5408.142
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 117.0.5408.142
ProductVersion: 117.0.5408.142
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
Total processes: 137
Monitored processes: 7
Malicious processes: 5
Suspicious processes: 0

Behavior graph

Process nodes shown in the graph: operasetup.exe, setup.exe (5 instances), slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1188
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7660
CMD: "C:\Users\admin\Desktop\OperaSetup.exe"
Path: C:\Users\admin\Desktop\OperaSetup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Opera installer SFX
Version:
117.0.5408.142
Modules
Images
c:\users\admin\desktop\operasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7744
CMD: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe --server-tracking-blob=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
Path: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe
Parent process: OperaSetup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
117.0.5408.142
Modules
Images
c:\users\admin\appdata\local\temp\7zsced00590\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 7768
CMD: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.142 --initial-client-data=0x338,0x33c,0x340,0x2fc,0x344,0x7470c1e4,0x7470c1f0,0x7470c1fc
Path: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
117.0.5408.142
Modules
Images
c:\users\admin\appdata\local\temp\7zsced00590\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 7864
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
Parent process: setup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 8068
CMD: "C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=7744 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250324164038" --session-guid=2d95a43f-b679-4970-87bc-19ae7a825024 --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C0A000000000000
Path: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
117.0.5408.142
Modules
Images
c:\users\admin\appdata\local\temp\7zsced00590\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 8136
CMD: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=117.0.5408.142 --initial-client-data=0x344,0x348,0x34c,0x320,0x350,0x71ecc1e4,0x71ecc1f0,0x71ecc1fc
Path: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Version:
117.0.5408.142
Modules
Images
c:\users\admin\appdata\local\temp\7zsced00590\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
Total events: 6 954
Read events: 6 950
Write events: 4
Delete events: 0

Modification events

(PID) Process: (7744) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7744) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7744) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (8068) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera\
Executable files: 7
Suspicious files: 2
Text files: 0
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7744
Process: setup.exe
Filename: C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Type: binary
MD5:12E6EE5263FD6CEDB15FD5B2880C61B1
SHA256:8A96EE97ED1044C96A4FB58089489458871ACC4F547129A3675B53BDAE7D9882
PID: 7768
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2503241640374257768.dll
Type: executable
MD5:0092A047B432FBB77E9A4CEDC2572007
SHA256:B3C90519D9D2872033B939D7A91CFF441D97438EDBD20471885655443E54A8FD
PID: 7744
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2503241640370057744.dll
Type: executable
MD5:0092A047B432FBB77E9A4CEDC2572007
SHA256:B3C90519D9D2872033B939D7A91CFF441D97438EDBD20471885655443E54A8FD
PID: 7744
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].json
Type: binary
MD5:11A67F8A308E716060D523B4C308CD87
SHA256:A5705D981D5D1E94DDFC4C2697B0B13834AE71F3864167872C72EB55DF612AC9
PID: 7864
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2503241640379407864.dll
Type: executable
MD5:0092A047B432FBB77E9A4CEDC2572007
SHA256:B3C90519D9D2872033B939D7A91CFF441D97438EDBD20471885655443E54A8FD
PID: 7660
Process: OperaSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\7zSCED00590\setup.exe
Type: executable
MD5:7A1327CA46565A98134058DB7015EA9A
SHA256:55D19798746C252BDFA0C3E7187E6FDAF4A14AFEB9356275424B50E273C38E5A
PID: 8136
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2503241640513348136.dll
Type: executable
MD5:0092A047B432FBB77E9A4CEDC2572007
SHA256:B3C90519D9D2872033B939D7A91CFF441D97438EDBD20471885655443E54A8FD
PID: 7744
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
Type: executable
MD5:7A1327CA46565A98134058DB7015EA9A
SHA256:55D19798746C252BDFA0C3E7187E6FDAF4A14AFEB9356275424B50E273C38E5A
PID: 8068
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Opera_installer_2503241640499878068.dll
Type: executable
MD5:0092A047B432FBB77E9A4CEDC2572007
SHA256:B3C90519D9D2872033B939D7A91CFF441D97438EDBD20471885655443E54A8FD
HTTP(S) requests: 59
TCP/UDP connections: 75
DNS requests: 21
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
404
104.18.25.17:443
https://api.config.opr.gg/v0/config?utm_campaign=(none)&utm_medium=ose&utm_source=duckduckgo&product=&channel=Stable&client=netinstaller&edition=
unknown
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.175:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
302
3.121.5.74:443
https://download.opera.com/download/get/?id=70582&autoupdate=1&ni=1&stream=stable&utm_campaign=(none)&utm_lastpage=opera.com/download&utm_medium=ose&utm_site=opera_com&utm_source=duckduckgo&niuid=9f32e2e4-e8c3-454e-b16f-648f8fdf71a4
unknown
GET
23.53.42.195:443
https://download3.operacdn.com/ftp/pub/opera/desktop/117.0.5408.142/win/Opera_117.0.5408.142_Autoupdate_x64.exe
unknown
GET
304
4.175.87.197:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
6488
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
POST
201
82.145.217.121:443
https://desktop-netinstaller-sub.osp.opera.software/v1/binary
unknown
text
36 b
whitelisted
GET
200
185.26.182.111:443
https://features.opera-api2.com/api/v2/features?country=UZ&language=en&uuid=bf25a390-5f49-4832-bfa0-a171d7abc69c&product=&channel=Stable&version=117.0.5408.142
unknown
binary
1.69 Kb
malicious
POST
400
40.126.32.68:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
GET
200
185.26.182.124:443
https://autoupdate.opera.com/me/
unknown
binary
46 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.190.159.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.175:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6544
svchost.exe
20.190.159.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7744
setup.exe
185.26.182.123:443
autoupdate.opera.com
Opera Software AS
whitelisted
7744
setup.exe
82.145.217.121:443
desktop-netinstaller-sub.osp.opera.software
Opera Software AS
NO
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
login.live.com
  • 20.190.159.130
  • 20.190.159.75
  • 20.190.159.64
  • 40.126.31.129
  • 40.126.31.131
  • 40.126.31.73
  • 40.126.31.2
  • 40.126.31.67
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 23.48.23.175
  • 23.48.23.189
  • 23.48.23.179
  • 23.48.23.186
  • 23.48.23.151
  • 23.48.23.152
  • 23.48.23.177
  • 23.48.23.191
  • 23.48.23.149
whitelisted
desktop-netinstaller-sub.osp.opera.software
  • 82.145.217.121
whitelisted
autoupdate.opera.com
  • 185.26.182.123
  • 185.26.182.124
whitelisted
api.config.opr.gg
  • 104.18.24.17
  • 104.18.25.17
unknown
features.opera-api2.com
  • 185.26.182.106
  • 185.26.182.93
  • 185.26.182.112
  • 185.26.182.118
  • 185.26.182.94
  • 185.26.182.111
malicious
download.opera.com
  • 185.26.182.117
  • 185.26.182.122
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO Outgoing Basic Auth Base64 HTTP Password detected unencrypted
No debug info