File name: OperaAirSetup.exe

Full analysis: https://app.any.run/tasks/1e4ed97b-5bef-4894-8ae5-189adfba250e
Verdict: Malicious activity
Analysis date: February 04, 2025, 22:34:37
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 8F854613EF1BFC349C46852A4A689D23
SHA1: E8F7284E3227032E6354531144D4FED0F68C6DF9
SHA256: 79D68116880CC8BC52C58BF9AE751E426457FD20F80304295EA350F3D7F8E06D
SSDEEP: 98304:Kr+oSUbZLQmAVRkKlzeCZ8nnCnePGf1CGmSvvBukPn+g+9i7qGq4fxUmKr7/9TU0:KX4v6x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaAirSetup.exe (PID: 5652)
      • setup.exe (PID: 2928)
      • setup.exe (PID: 3364)
      • setup.exe (PID: 5544)
      • setup.exe (PID: 3688)
      • setup.exe (PID: 1612)
    • Application launched itself

      • setup.exe (PID: 3364)
      • setup.exe (PID: 3688)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 3364)
    • Starts itself from another location

      • setup.exe (PID: 3364)
    • Checks Windows Trust Settings

      • setup.exe (PID: 3364)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 2928)
      • setup.exe (PID: 3364)
      • setup.exe (PID: 3688)
      • setup.exe (PID: 1612)
  • INFO

    • The sample compiled with english language support

      • setup.exe (PID: 3364)
      • OperaAirSetup.exe (PID: 5652)
      • setup.exe (PID: 2928)
      • setup.exe (PID: 5544)
      • setup.exe (PID: 3688)
      • setup.exe (PID: 1612)
    • Create files in a temporary directory

      • OperaAirSetup.exe (PID: 5652)
      • setup.exe (PID: 2928)
      • setup.exe (PID: 3364)
      • setup.exe (PID: 5544)
      • setup.exe (PID: 3688)
      • setup.exe (PID: 1612)
    • Checks supported languages

      • OperaAirSetup.exe (PID: 5652)
      • setup.exe (PID: 3364)
      • setup.exe (PID: 2928)
      • setup.exe (PID: 5544)
      • setup.exe (PID: 1612)
      • setup.exe (PID: 3688)
    • Reads the computer name

      • setup.exe (PID: 3364)
      • setup.exe (PID: 3688)
    • Creates files or folders in the user directory

      • setup.exe (PID: 2928)
      • setup.exe (PID: 3364)
    • Checks proxy server information

      • setup.exe (PID: 3364)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 3364)
    • Reads the software policy settings

      • setup.exe (PID: 3364)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:10:15 12:57:10+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.4
CodeSize: 241152
InitializedDataSize: 107520
UninitializedDataSize: -
EntryPoint: 0x215d3
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 116.0.5366.82
ProductVersionNumber: 116.0.5366.82
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileVersion: 116.0.5366.82
ProductVersion: 116.0.5366.82
FileDescription: Opera installer SFX
CompanyName:
LegalCopyright: Opera Software 2025
Productname: Opera installer
Stream: Stable
No data.
All screenshots are available in the full report
Total processes: 123
Monitored processes: 6
Malicious processes: 2
Suspicious processes: 1

Behavior graph

start operaairsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1612
CMD: C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopAir --annotation=ver=116.0.5366.82 --initial-client-data=0x2ac,0x2b0,0x2b4,0x274,0x2b8,0x7ff82032a0b8,0x7ff82032a0c4,0x7ff82032a0d0
Path: C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Air Installer
Version: 116.0.5366.82
Modules
Images
c:\users\admin\appdata\local\temp\7zs4165ac63\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2928
CMD: C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopAir --annotation=ver=116.0.5366.82 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ff821baa0b8,0x7ff821baa0c4,0x7ff821baa0d0
Path: C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Air Installer
Version: 116.0.5366.82
Modules
Images
c:\users\admin\appdata\local\temp\7zs4165ac63\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3364
CMD: C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe --server-tracking-blob=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
Path: C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe
Parent process: OperaAirSetup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Air Installer
Version: 116.0.5366.82
Modules
Images
c:\users\admin\appdata\local\temp\7zs4165ac63\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 3688
CMD: "C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=0 --showunbox=1 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera Air" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3364 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\opera_package_20250204223450" --session-guid=4b50637b-34e4-4041-a682-ebda02769339 --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=C009000000000000
Path: C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Air Installer
Version: 116.0.5366.82
Modules
Images
c:\users\admin\appdata\local\temp\7zs4165ac63\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 5544
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\setup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\setup.exe
Parent process: setup.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera air installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 5652
CMD: "C:\Users\admin\Desktop\OperaAirSetup.exe"
Path: C:\Users\admin\Desktop\OperaAirSetup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Opera installer SFX
Version: 116.0.5366.82
Modules
Images
c:\users\admin\desktop\operaairsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 3 647
Read events: 3 643
Write events: 4
Delete events: 0

Modification events

(PID) Process: (3364) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3364) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3364) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3688) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera Air Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera Air\
Executable files: 7
Suspicious files: 2
Text files: 0
Unknown types: 0

Dropped files

| PID | Process | Filename | Type |
| 2928 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2502042234497402928.dll | executable |
MD5:551DF8EAB799423080BB2870C2FF5F6B
SHA256:9D01539DFE4F310217EE470C9891EBA9EDCD7AB29BB870EEDACAAB6CEB2511AC
| 3364 | setup.exe | C:\Users\admin\AppData\Roaming\Opera Software\Opera Air Stable\Crash Reports\settings.dat | binary |
MD5:78696C07180A93631D40D82BA71393B9
SHA256:3F9AD462CD61D69EF75D42B91E100F40568B655D5A7DB00EFA47E661621B1749
| 3364 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2502042234494433364.dll | executable |
MD5:551DF8EAB799423080BB2870C2FF5F6B
SHA256:9D01539DFE4F310217EE470C9891EBA9EDCD7AB29BB870EEDACAAB6CEB2511AC
| 5652 | OperaAirSetup.exe | C:\Users\admin\AppData\Local\Temp\7zS4165AC63\setup.exe | executable |
MD5:1A5235FE584C1411FF507F0D113B19A3
SHA256:51128C57F6C289CAD1C736200FAF7EBB4BB24D78CCD998A0AAF737766B90F4F3
| 3364 | setup.exe | C:\Users\admin\AppData\Local\Temp\.opera\Opera Air Installer Temp\setup.exe | executable |
MD5:1A5235FE584C1411FF507F0D113B19A3
SHA256:51128C57F6C289CAD1C736200FAF7EBB4BB24D78CCD998A0AAF737766B90F4F3
| 5544 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2502042234501305544.dll | executable |
MD5:551DF8EAB799423080BB2870C2FF5F6B
SHA256:9D01539DFE4F310217EE470C9891EBA9EDCD7AB29BB870EEDACAAB6CEB2511AC
| 1612 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2502042234587401612.dll | executable |
MD5:551DF8EAB799423080BB2870C2FF5F6B
SHA256:9D01539DFE4F310217EE470C9891EBA9EDCD7AB29BB870EEDACAAB6CEB2511AC
| 3688 | setup.exe | C:\Users\admin\AppData\Local\Temp\Opera_installer_2502042234585523688.dll | executable |
MD5:551DF8EAB799423080BB2870C2FF5F6B
SHA256:9D01539DFE4F310217EE470C9891EBA9EDCD7AB29BB870EEDACAAB6CEB2511AC
| 3364 | setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].json | binary |
MD5:D81C4EF0BC81C63892A4A5E658C80A01
SHA256:F763337ABBA4E7CB4A6B715937AC9DDA9761BB189E6DB6822997C16D17FB4332
HTTP(S) requests: 25
TCP/UDP connections: 34
DNS requests: 10
Threats: 1

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
| 4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted |
| 4300 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted |
| 4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted |
| 4300 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted |
| | | GET | 302 | 35.156.141.129:443 | https://download.opera.com/download/get/?id=69846&autoupdate=1&ni=1&stream=stable&utm_lastpage=opera.com/air&utm_site=opera_com&niuid=5d5e7b3f-4037-426f-8544-f4ed479117d5 | unknown | | | |
| | | GET | | 23.207.210.153:443 | https://download3.operacdn.com/ftp/.private/opera_air/116.0.5366.82/win/Opera_Air_116.0.5366.82_Autoupdate_x64.exe | unknown | | | |
| | | GET | 302 | 18.192.248.140:443 | https://download.opera.com/download/get/?id=69846&autoupdate=1&ni=1&stream=stable&utm_lastpage=opera.com/air&utm_site=opera_com&niuid=5d5e7b3f-4037-426f-8544-f4ed479117d5 | unknown | | | |
| | | GET | | 23.207.210.153:443 | https://download3.operacdn.com/ftp/.private/opera_air/116.0.5366.82/win/Opera_Air_116.0.5366.82_Autoupdate_x64.exe | unknown | | | |
| | | GET | 302 | 18.192.248.140:443 | https://download.opera.com/download/get/?id=69846&autoupdate=1&ni=1&stream=stable&utm_lastpage=opera.com/air&utm_site=opera_com&niuid=5d5e7b3f-4037-426f-8544-f4ed479117d5 | unknown | | | |
| | | GET | 302 | 35.156.141.129:443 | https://download.opera.com/download/get/?id=69846&autoupdate=1&ni=1&stream=stable&utm_lastpage=opera.com/air&utm_site=opera_com&niuid=5d5e7b3f-4037-426f-8544-f4ed479117d5 | unknown | | | |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
| 4 | System | 192.168.100.255:137 | | | | whitelisted |
| | | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4300 | svchost.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4 | System | 192.168.100.255:138 | | | | whitelisted |
| 4712 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 4300 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
| 4300 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
| 3364 | setup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | NO | whitelisted |

DNS requests

| Domain | IP | Reputation |
| google.com | 172.217.16.142 | whitelisted |
| crl.microsoft.com | 23.48.23.156, 23.48.23.143 | whitelisted |
| www.microsoft.com | 184.30.21.171 | whitelisted |
| desktop-netinstaller-sub.osp.opera.software | 82.145.217.121 | whitelisted |
| settings-win.data.microsoft.com | 20.73.194.208 | whitelisted |
| autoupdate.opera.com | 82.145.216.47, 82.145.216.19, 82.145.216.20, 82.145.216.46 | whitelisted |
| features.opera-api2.com | 185.26.182.111, 185.26.182.106, 185.26.182.94, 185.26.182.118, 185.26.182.93, 185.26.182.112 | malicious |
| download.opera.com | 185.26.182.122, 185.26.182.117 | whitelisted |
| download3.operacdn.com | 23.207.210.151, 23.207.210.153 | whitelisted |
| self.events.data.microsoft.com | 20.42.73.26 | whitelisted |

Threats

| PID | Process | Class | Message |
| | | Potential Corporate Privacy Violation | ET INFO Outgoing Basic Auth Base64 HTTP Password detected unencrypted |
No debug info