File name: infected.zip
Full analysis: https://app.any.run/tasks/c07619e6-e3e0-45c5-8f72-3552d87cb734
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: February 11, 2019, 10:08:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware, installcore, pup, addrop, loader
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 0176354AFD84A1F7EB1653A1528C25BE
SHA1: 753CED9CFB88385A32F38552DD4C475B11DBD3AF
SHA256: 92582E3305FBDC2FB9E0F261118D47DE269484D122538CB9F9E5E387ACA94842
SSDEEP: 49152:RAGGJoL9xgvLdRrKxZE93Ig7NXg8l2ouetiOrz/tcF:RUJU9xgzdRrKxZYv7NQ8lOehtM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • JavaSetup_0896841932.exe (PID: 4084)
      • OperaSetup.exe (PID: 2140)
      • JavaSetup_0896841932.exe (PID: 2508)
      • OperaSetup.exe (PID: 2988)
      • OperaSetup.exe (PID: 900)
      • OperaSetup.exe (PID: 3332)
      • OperaSetup.exe (PID: 2536)
    • Connects to CnC server
      • JavaSetup_0896841932.exe (PID: 4084)
    • INSTALLCORE was detected
      • JavaSetup_0896841932.exe (PID: 4084)
    • Downloads executable files from the Internet
      • JavaSetup_0896841932.exe (PID: 4084)
    • Loads dropped or rewritten executable
      • OperaSetup.exe (PID: 900)
      • OperaSetup.exe (PID: 2536)
      • OperaSetup.exe (PID: 2140)
      • OperaSetup.exe (PID: 2988)
      • OperaSetup.exe (PID: 3332)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3420)
      • OperaSetup.exe (PID: 2988)
      • JavaSetup_0896841932.exe (PID: 4084)
      • OperaSetup.exe (PID: 2140)
      • OperaSetup.exe (PID: 3332)
      • OperaSetup.exe (PID: 2536)
    • Application launched itself
      • JavaSetup_0896841932.exe (PID: 2508)
      • OperaSetup.exe (PID: 2140)
      • OperaSetup.exe (PID: 3332)
    • Reads Internet Explorer settings
      • JavaSetup_0896841932.exe (PID: 4084)
    • Reads environment values
      • JavaSetup_0896841932.exe (PID: 4084)
    • Reads CPU info
      • JavaSetup_0896841932.exe (PID: 4084)
    • Creates files in the user directory
      • OperaSetup.exe (PID: 2988)
    • Starts itself from another location
      • OperaSetup.exe (PID: 2140)
    • Reads the date of Windows installation
      • JavaSetup_0896841932.exe (PID: 4084)
  • INFO
    No info indicators.
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):
ZipRequiredVersion: 20
ZipBitFlag: 0x0003
ZipCompression: Unknown (99)
ZipModifyDate: 2019:02:11 10:07:24
ZipCRC: 0x0b4ac002
ZipCompressedSize: 2453001
ZipUncompressedSize: 2478622
ZipFileName: JavaSetup_0896841932.exe
Total processes: 40
Monitored processes: 8
Malicious processes: 3
Suspicious processes: 3


Process information

PID: 900
CMD: "C:\Users\admin\AppData\Local\Temp\Opera Installer\OperaSetup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\Opera Installer\OperaSetup.exe
Parent process: OperaSetup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  • c:\users\admin\appdata\local\temp\opera installer\operasetup.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 2140
CMD: "C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe" --silent --allusers=0
Path: C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe
Parent process: JavaSetup_0896841932.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera Installer
Exit code: 0
Version: 58.0.3135.53
Modules (images):
  • c:\users\admin\appdata\local\temp\in65ce18fa\operasetup.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 2508
CMD: "C:\Users\admin\Desktop\JavaSetup_0896841932.exe"
Path: C:\Users\admin\Desktop\JavaSetup_0896841932.exe
Parent process: explorer.exe
User: admin
Company: Rosot
Integrity Level: MEDIUM
Description: Hefefedele Setup
Exit code: 0
Version:
Modules (images):
  • c:\users\admin\desktop\javasetup_0896841932.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\oleaut32.dll

PID: 2536
CMD: C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=58.0.3135.53 --initial-client-data=0xdc,0xec,0xf0,0xe8,0xf4,0x6ceda8e0,0x6ceda8f0,0x6ceda8fc
Path: C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe
Parent process: OperaSetup.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera Installer
Exit code: 0
Version: 58.0.3135.53
Modules (images):
  • c:\users\admin\appdata\local\temp\in65ce18fa\operasetup.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 2988
CMD: C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=58.0.3135.53 --initial-client-data=0xd8,0xe0,0xe4,0xdc,0xe8,0x6d4da8e0,0x6d4da8f0,0x6d4da8fc
Path: C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe
Parent process: OperaSetup.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera Installer
Exit code: 0
Version: 58.0.3135.53
Modules (images):
  • c:\users\admin\appdata\local\temp\in65ce18fa\operasetup.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 3332
CMD: "C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe" --backend --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --startmenushortcut=1 --desktopshortcut=1 --quicklaunchshortcut=1 --pintotaskbar=1 --server-tracking-data=server_tracking_data --initial-pid=2140 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\Opera Installer\opera_package_20190211100934" --session-guid=4f96d102-fb5c-463a-9f53-e2a11449ad68 --server-tracking-blob="…" --silent --wait-for-package --initial-proc-handle=D002000000000000
Path: C:\Users\admin\AppData\Local\Temp\in65CE18FA\OperaSetup.exe
Parent process: OperaSetup.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera Installer
Exit code: 0
Version: 58.0.3135.53
Modules (images):
  • c:\users\admin\appdata\local\temp\in65ce18fa\operasetup.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 3420
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\infected.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\comdlg32.dll

PID: 4084
CMD: "C:\Users\admin\Desktop\JavaSetup_0896841932.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl
Path: C:\Users\admin\Desktop\JavaSetup_0896841932.exe
Parent process: JavaSetup_0896841932.exe
User: admin
Company: Rosot
Integrity Level: HIGH
Description: Hefefedele Setup
Exit code: 0
Version:
Modules (images):
  • c:\users\admin\desktop\javasetup_0896841932.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\ole32.dll
Total events: 1 064
Read events: 977
Write events: 87
Delete events: 0

Modification events

(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value:
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value:
(3420) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\infected.zip
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | Operation: write | Name: 0 | Value: C:\Users\admin\Desktop
(3420) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface | Operation: write | Name: ShowPassword | Value: 0
Executable files: 6
Suspicious files: 8
Text files: 82
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\001A2DE7.log |
  MD5:
  SHA256:
3420 | WinRAR.exe | C:\Users\admin\Desktop\JavaSetup_0896841932.exe | executable
  MD5:
  SHA256:
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\css\swAgent.css | text
  MD5: 2543E3AF757C7D7C8A26C7CF57795F60
  SHA256: C38892A06C8F50C6386ED794AF4F1EA3E1897AD5F0C7E19594D9EA7B20CFB3F1
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\csshover3.htc | html
  MD5: 52FA0DA50BF4B27EE625C80D36C67941
  SHA256: E37E99DDFC73AC7BA774E23736B2EF429D9A0CB8C906453C75B14C029BDD5493
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\css\_functions.scss | text
  MD5: 8F7259DE64F6DDF352BF461F44D34A81
  SHA256: 80EDC9D67172BC830D68D33F4547735FB072CADF3EF25AAB37A10B50DB87A069
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\css\_variables.scss | text
  MD5: 07922410C30F0117CBC3C140F14AEA88
  SHA256: AF1999B49C03F5DCBB19466466FAC2D8172C684C0FF18931B85A8D0A06332C73
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\css\helpers\_align.scss | text
  MD5: BBBBD243F9525ACC7DC6077010627409
  SHA256: 1F11B5F53E0AA7DA1A1559A1A5CDD52BF03119EA74E5091462461C550E9288DB
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\css\main.css | text
  MD5: 2DBA8638120788C9E3AF6D447181B2F1
  SHA256: 8089C6915B14118C19498CBCE306220CF009EAFFFADB6818FA130DFE6128F8A8
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\css\main.scss | text
  MD5: 809FF7028B1952FDAEDE53E407A7DF93
  SHA256: DE6C3DD2BE22340B3E95E14AE7FF6611CFACD7B9A7B134F536254C48FD3C5DF6
4084 | JavaSetup_0896841932.exe | C:\Users\admin\AppData\Local\Temp\inH171568724031\form.bmp.Mask | binary
  MD5: D2FC989F9C2043CD32332EC0FAD69C70
  SHA256: 27DD029405CBFB0C3BF8BAC517BE5DB9AA83E981B1DC2BD5C5D6C549FA514101
HTTP(S) requests: 19
TCP/UDP connections: 15
DNS requests: 11
Threats: 9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4084 | JavaSetup_0896841932.exe | GET | | 199.115.112.67:80 | http://cdnus.laboratoryconecpttoday.com/app/softjug/javaSetup.exe | US | | | malicious
4084 | JavaSetup_0896841932.exe | HEAD | 200 | 199.115.112.67:80 | http://cdnus.laboratoryconecpttoday.com/app/softjug/javaSetup.exe | US | | | malicious
4084 | JavaSetup_0896841932.exe | HEAD | 200 | 185.26.182.112:80 | http://net.geo.opera.com/opera/stable?utm_medium=pbc&utm_source=ais&utm_campaign=_CRT_nc&utm_id=Pe0FA322VAp4tFV%2FeLAgeHuyVQlu9wVKdbZRD3G0Uw95tVEOcbZVBnu0R1Eu4gRMdcsRWzrlI0wn8xJbOqICTCu3UwN7sFgPfbFYB3G8%2Fk4AAABIhGE%2B | unknown | | | whitelisted
4084 | JavaSetup_0896841932.exe | GET | | 199.115.112.67:80 | http://cdnus.laboratoryconecpttoday.com/app/softjug/javaSetup.exe | US | | | malicious
4084 | JavaSetup_0896841932.exe | GET | | 199.115.112.67:80 | http://cdnus.laboratoryconecpttoday.com/app/softjug/javaSetup.exe | US | | | malicious
4084 | JavaSetup_0896841932.exe | GET | 200 | 199.201.110.78:80 | http://img.tepat-teku.com/img/Rowabobeso/icon3.png | US | image | 351 b | malicious
4084 | JavaSetup_0896841932.exe | POST | 200 | 54.194.149.175:80 | http://www2.tepat-teku.com/ | IE | | | malicious
4084 | JavaSetup_0896841932.exe | GET | 200 | 95.211.184.67:80 | http://cdn.tepat-teku.com/app/softjug/java_32.png | NL | image | 1.83 Kb | malicious
4084 | JavaSetup_0896841932.exe | GET | 200 | 199.201.110.78:80 | http://img.tepat-teku.com/img/Rowabobeso/b2_win_clean.png | US | image | 42.9 Kb | malicious
4084 | JavaSetup_0896841932.exe | GET | 200 | 199.201.110.78:80 | http://img.tepat-teku.com/img/Rowabobeso/icon2.png | US | image | 422 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4084 | JavaSetup_0896841932.exe | 54.194.149.175:80 | www2.tepat-teku.com | Amazon.com, Inc. | IE | malicious
4084 | JavaSetup_0896841932.exe | 34.251.155.7:80 | cloud.tepat-teku.com | Amazon.com, Inc. | IE | whitelisted
4084 | JavaSetup_0896841932.exe | 52.31.54.204:80 | server.tepat-teku.com | Amazon.com, Inc. | IE | malicious
4084 | JavaSetup_0896841932.exe | 95.211.184.67:80 | cdn.tepat-teku.com | LeaseWeb Netherlands B.V. | NL | malicious
4084 | JavaSetup_0896841932.exe | 199.201.110.78:80 | img.tepat-teku.com | Namecheap, Inc. | US | malicious
4084 | JavaSetup_0896841932.exe | 185.26.182.112:80 | net.geo.opera.com | Opera Software AS | | malicious
2140 | OperaSetup.exe | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | | suspicious
4084 | JavaSetup_0896841932.exe | 199.115.112.67:80 | cdnus.laboratoryconecpttoday.com | Leaseweb USA, Inc. | US | malicious
 | | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | Opera Software AS | | suspicious
2140 | OperaSetup.exe | 151.101.2.2:443 | download1.operacdn.com | Fastly | US | shared

DNS requests

Domain | IP | Reputation
www2.tepat-teku.com | 54.194.149.175, 52.214.73.247 | malicious
cloud.tepat-teku.com | 34.251.155.7, 52.209.116.64, 52.212.157.66 | malicious
cdn.tepat-teku.com | 95.211.184.67 | malicious
server.tepat-teku.com | 52.31.54.204, 52.31.245.195, 52.214.236.246 | malicious
img.tepat-teku.com | 199.201.110.78 | malicious
cdnus.laboratoryconecpttoday.com | 199.115.112.67 | malicious
net.geo.opera.com | 185.26.182.112, 185.26.182.111 | whitelisted
autoupdate.geo.opera.com | 185.26.182.105, 185.26.182.95 | whitelisted
desktop-netinstaller-sub.osp.opera.software | 82.145.217.121 | whitelisted
dl.opera.com | 185.26.182.111, 185.26.182.112 | whitelisted

Threats

PID | Process | Class | Message
4084 | JavaSetup_0896841932.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
4084 | JavaSetup_0896841932.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1
4084 | JavaSetup_0896841932.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3
4084 | JavaSetup_0896841932.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4
4084 | JavaSetup_0896841932.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
4084 | JavaSetup_0896841932.exe | Misc activity | ET INFO EXE - Served Attached HTTP
4084 | JavaSetup_0896841932.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2 ETPRO signatures available at the full report
No debug info