File name: WindowsCleaner.zip

Full analysis: https://app.any.run/tasks/a364ff68-7414-49d3-9c58-eeba54f2f7fe
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: April 10, 2025, 09:38:22
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
arch-doc
opera
tool
evasion
github
stealer
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5: CF8B8EA28CF515BED4107D20BB78065C
SHA1: 7933B1D223A0BEF46561CD5B8C8536FA7810D162
SHA256: 0AAD0367A86A6F53A37D54A48985F4E504A86C19ECB73916FFAC7F07FF8A06A7
SSDEEP: 24:9rJV9CJy+TjJrvJrG9ZBaJrAaMVvK4rBJJZJyDXJr7JrMQBprbQCI:9rJqJrTjJrvJrG93aJr8VJ3JIJr7JrMZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • opera.exe (PID: 6456)
      • opera.exe (PID: 7776)
    • Changes Windows Defender settings

      • ExLoader_Installer.exe (PID: 1132)
      • amongperformance.exe (PID: 6028)
    • Adds path to the Windows Defender exclusion list

      • ExLoader_Installer.exe (PID: 1132)
      • amongperformance.exe (PID: 6028)
    • Steals credentials from Web Browsers

      • setup.exe (PID: 8756)
      • setup.exe (PID: 8964)
      • assistant_installer.exe (PID: 1664)
    • Actions looks like stealing of personal data

      • setup.exe (PID: 8756)
      • setup.exe (PID: 8964)
      • assistant_installer.exe (PID: 6728)
      • assistant_installer.exe (PID: 1664)
  • SUSPICIOUS

    • Creates file in the systems drive root

      • explorer.exe (PID: 5492)
    • Starts itself from another location

      • setup.exe (PID: 7348)
      • setup.exe (PID: 8244)
      • ExLoader.exe (PID: 8264)
    • Executable content was dropped or overwritten

      • setup.exe (PID: 6824)
      • OperaGXSetup.exe (PID: 7412)
      • setup.exe (PID: 7348)
      • setup.exe (PID: 2136)
      • setup.exe (PID: 2420)
      • setup.exe (PID: 7308)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 8068)
      • installer.exe (PID: 7184)
      • installer.exe (PID: 7364)
      • installer.exe (PID: 8764)
      • opera_autoupdate.exe (PID: 240)
      • installer.exe (PID: 7244)
      • installer.exe (PID: 8836)
      • opera.exe (PID: 6456)
      • opera.exe (PID: 3976)
      • opera_autoupdate.exe (PID: 4608)
      • opera.exe (PID: 7776)
      • installer.exe (PID: 7284)
      • ExLoader_Installer.exe (PID: 5796)
      • ExLoader_Installer.exe (PID: 1132)
      • setup.exe (PID: 8756)
      • OperaSetup.exe (PID: 2152)
      • setup.exe (PID: 8244)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8964)
      • setup.exe (PID: 8728)
      • opera.exe (PID: 2780)
      • ExLoader.exe (PID: 8264)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 2028)
      • amongperformance.exe (PID: 6028)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 7348)
      • installer.exe (PID: 7364)
      • opera.exe (PID: 6456)
      • opera.exe (PID: 8828)
      • opera.exe (PID: 7308)
      • opera.exe (PID: 8572)
      • opera.exe (PID: 7776)
      • opera.exe (PID: 8356)
      • ExLoader_Installer.exe (PID: 5796)
      • setup.exe (PID: 8244)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 7348)
      • setup.exe (PID: 6824)
      • setup.exe (PID: 2136)
      • setup.exe (PID: 2420)
    • Reads the date of Windows installation

      • installer.exe (PID: 7364)
      • opera.exe (PID: 6456)
      • opera.exe (PID: 7776)
      • ExLoader_Installer.exe (PID: 5796)
    • Searches for installed software

      • installer.exe (PID: 7364)
      • setup.exe (PID: 8244)
    • Creates a software uninstall entry

      • installer.exe (PID: 7364)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 240)
      • opera_autoupdate.exe (PID: 4608)
    • The process checks if it is being run in the virtual environment

      • opera.exe (PID: 6456)
      • opera.exe (PID: 7776)
    • Checks for external IP

      • opera.exe (PID: 3976)
      • svchost.exe (PID: 2196)
      • ExLoader_Installer.exe (PID: 1132)
    • The process drops C-runtime libraries

      • ExLoader_Installer.exe (PID: 5796)
      • ExLoader_Installer.exe (PID: 1132)
    • Process drops legitimate windows executable

      • ExLoader_Installer.exe (PID: 5796)
      • ExLoader_Installer.exe (PID: 1132)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 2028)
      • amongperformance.exe (PID: 6028)
    • Script adds exclusion path to Windows Defender

      • ExLoader_Installer.exe (PID: 1132)
      • amongperformance.exe (PID: 6028)
    • Starts POWERSHELL.EXE for commands execution

      • ExLoader_Installer.exe (PID: 1132)
      • amongperformance.exe (PID: 6028)
    • Connects to unusual port

      • ExLoader_Installer.exe (PID: 1132)
      • ExLoader.exe (PID: 8264)
      • amongperformance.exe (PID: 6028)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 3960)
    • Starts CMD.EXE for commands execution

      • amongperformance.exe (PID: 6028)
    • The executable file from the user directory is run by the CMD process

      • dxwebsetup.exe (PID: 3804)
  • INFO

    • Manual execution by a user

      • chrome.exe (PID: 4272)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 4272)
    • Autorun file from Downloads

      • chrome.exe (PID: 4272)
      • chrome.exe (PID: 7216)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 5492)
      • powershell.exe (PID: 7048)
    • Creates files or folders in the user directory

      • explorer.exe (PID: 5492)
      • setup.exe (PID: 6824)
      • setup.exe (PID: 7348)
      • setup.exe (PID: 2136)
      • opera.exe (PID: 6456)
      • installer.exe (PID: 7364)
      • opera.exe (PID: 3976)
      • opera_autoupdate.exe (PID: 240)
      • opera.exe (PID: 7776)
      • opera.exe (PID: 4652)
      • setup.exe (PID: 8756)
      • amongperformance.exe (PID: 6028)
      • setup.exe (PID: 8244)
      • setup.exe (PID: 8964)
    • Checks proxy server information

      • explorer.exe (PID: 5492)
      • setup.exe (PID: 7348)
      • opera.exe (PID: 6456)
      • opera_autoupdate.exe (PID: 8632)
      • slui.exe (PID: 7532)
      • opera_autoupdate.exe (PID: 240)
      • opera.exe (PID: 8828)
      • opera_autoupdate.exe (PID: 7532)
      • opera.exe (PID: 7776)
      • opera_autoupdate.exe (PID: 5964)
      • opera_autoupdate.exe (PID: 4608)
      • opera.exe (PID: 8356)
      • setup.exe (PID: 8244)
    • Checks supported languages

      • setup.exe (PID: 7348)
      • setup.exe (PID: 7308)
      • OperaGXSetup.exe (PID: 7412)
      • setup.exe (PID: 6824)
      • setup.exe (PID: 2420)
      • setup.exe (PID: 2136)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 8068)
      • installer.exe (PID: 7364)
      • assistant_installer.exe (PID: 5136)
      • assistant_installer.exe (PID: 7256)
      • installer.exe (PID: 7184)
      • opera.exe (PID: 6456)
      • opera_crashreporter.exe (PID: 2692)
      • opera.exe (PID: 3976)
      • opera.exe (PID: 7100)
      • opera.exe (PID: 7212)
      • opera.exe (PID: 6072)
      • opera.exe (PID: 4152)
      • opera.exe (PID: 7980)
      • opera_gx_splash.exe (PID: 7776)
      • opera.exe (PID: 632)
      • opera.exe (PID: 1348)
      • opera.exe (PID: 7760)
      • opera.exe (PID: 7364)
      • opera.exe (PID: 7248)
      • opera.exe (PID: 4528)
      • opera.exe (PID: 4728)
      • opera.exe (PID: 7244)
      • opera.exe (PID: 7408)
      • opera.exe (PID: 4980)
      • opera.exe (PID: 7628)
      • opera.exe (PID: 3888)
      • opera.exe (PID: 5980)
      • opera.exe (PID: 2268)
      • opera.exe (PID: 7240)
      • opera.exe (PID: 7192)
      • opera.exe (PID: 540)
      • opera.exe (PID: 7200)
      • opera.exe (PID: 8212)
      • opera.exe (PID: 5500)
      • opera.exe (PID: 8936)
      • opera.exe (PID: 8944)
      • opera.exe (PID: 8516)
      • opera.exe (PID: 9144)
      • opera.exe (PID: 8968)
      • opera.exe (PID: 9028)
      • opera.exe (PID: 8976)
      • opera.exe (PID: 8960)
      • opera.exe (PID: 8952)
      • opera.exe (PID: 9036)
      • opera.exe (PID: 9044)
      • opera.exe (PID: 9020)
      • opera.exe (PID: 9136)
      • opera.exe (PID: 8460)
      • opera.exe (PID: 8424)
      • installer.exe (PID: 8764)
      • opera.exe (PID: 8400)
      • opera.exe (PID: 8416)
      • opera_autoupdate.exe (PID: 240)
      • opera_autoupdate.exe (PID: 9068)
      • installer.exe (PID: 7244)
      • opera.exe (PID: 9052)
      • opera.exe (PID: 8944)
      • opera_autoupdate.exe (PID: 8632)
      • opera_autoupdate.exe (PID: 7392)
      • opera.exe (PID: 9132)
      • opera.exe (PID: 9048)
      • opera.exe (PID: 3032)
      • opera.exe (PID: 8744)
      • opera.exe (PID: 9024)
      • opera.exe (PID: 6108)
      • opera.exe (PID: 616)
      • opera.exe (PID: 8712)
      • opera.exe (PID: 4028)
      • installer.exe (PID: 8836)
      • opera.exe (PID: 9188)
      • opera.exe (PID: 7528)
      • opera.exe (PID: 8716)
      • opera.exe (PID: 8336)
      • opera.exe (PID: 5988)
      • opera.exe (PID: 7084)
      • opera.exe (PID: 660)
      • opera.exe (PID: 4784)
      • opera.exe (PID: 4448)
      • opera.exe (PID: 8880)
      • opera.exe (PID: 8604)
      • opera.exe (PID: 1120)
      • opera.exe (PID: 8696)
      • opera.exe (PID: 7220)
      • opera.exe (PID: 7308)
      • opera.exe (PID: 9192)
      • opera.exe (PID: 6800)
      • opera.exe (PID: 8828)
      • opera.exe (PID: 7412)
      • opera.exe (PID: 7628)
      • opera.exe (PID: 8364)
      • opera.exe (PID: 7772)
      • opera.exe (PID: 6944)
      • opera.exe (PID: 8268)
      • opera.exe (PID: 1512)
      • opera.exe (PID: 9000)
      • opera.exe (PID: 4812)
      • opera.exe (PID: 9092)
      • opera.exe (PID: 8820)
      • opera.exe (PID: 8480)
      • opera.exe (PID: 5212)
      • opera.exe (PID: 9192)
      • opera_autoupdate.exe (PID: 7532)
      • opera_autoupdate.exe (PID: 5048)
      • opera_crashreporter.exe (PID: 7388)
      • opera.exe (PID: 9032)
      • opera.exe (PID: 9188)
      • opera.exe (PID: 2408)
      • opera.exe (PID: 7776)
      • opera.exe (PID: 8852)
      • opera.exe (PID: 7508)
      • opera.exe (PID: 8856)
      • opera.exe (PID: 4652)
      • opera.exe (PID: 7048)
      • opera.exe (PID: 7984)
      • opera.exe (PID: 5428)
      • opera.exe (PID: 8608)
      • opera.exe (PID: 7956)
      • opera.exe (PID: 1748)
      • opera.exe (PID: 8988)
      • opera.exe (PID: 8868)
      • opera.exe (PID: 8292)
      • opera.exe (PID: 8592)
      • opera.exe (PID: 9128)
      • opera.exe (PID: 8584)
      • opera.exe (PID: 7368)
      • opera.exe (PID: 8776)
      • opera.exe (PID: 1116)
      • opera.exe (PID: 5344)
      • opera_autoupdate.exe (PID: 5416)
      • opera_autoupdate.exe (PID: 5964)
      • opera.exe (PID: 7948)
      • opera_autoupdate.exe (PID: 4608)
      • opera_autoupdate.exe (PID: 1056)
      • opera.exe (PID: 3100)
      • opera.exe (PID: 8572)
      • installer.exe (PID: 7284)
      • opera.exe (PID: 7636)
      • opera.exe (PID: 8356)
      • ExLoader_Installer.exe (PID: 5796)
      • ExLoader_Installer.exe (PID: 1132)
      • ExLoader.exe (PID: 8264)
      • OperaSetup.exe (PID: 2152)
      • setup.exe (PID: 8756)
      • setup.exe (PID: 8244)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8964)
      • setup.exe (PID: 8728)
      • opera.exe (PID: 1244)
      • opera.exe (PID: 2780)
      • amongperformance.exe (PID: 6028)
      • opera.exe (PID: 7800)
      • opera.exe (PID: 8212)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 2028)
      • assistant_installer.exe (PID: 6728)
      • assistant_installer.exe (PID: 1664)
    • Create files in a temporary directory

      • setup.exe (PID: 7308)
      • setup.exe (PID: 7348)
      • setup.exe (PID: 6824)
      • OperaGXSetup.exe (PID: 7412)
      • setup.exe (PID: 2136)
      • setup.exe (PID: 2420)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 8068)
      • installer.exe (PID: 7364)
      • installer.exe (PID: 7184)
      • opera.exe (PID: 6456)
      • installer.exe (PID: 8764)
      • installer.exe (PID: 7244)
      • opera_autoupdate.exe (PID: 240)
      • installer.exe (PID: 8836)
      • opera.exe (PID: 7776)
      • installer.exe (PID: 7284)
      • ExLoader_Installer.exe (PID: 5796)
      • OperaSetup.exe (PID: 2152)
      • ExLoader_Installer.exe (PID: 1132)
      • setup.exe (PID: 7804)
      • setup.exe (PID: 8964)
      • setup.exe (PID: 8728)
      • setup.exe (PID: 8244)
      • amongperformance.exe (PID: 6028)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 2028)
    • Reads the software policy settings

      • explorer.exe (PID: 5492)
      • setup.exe (PID: 7348)
      • slui.exe (PID: 5592)
      • slui.exe (PID: 7532)
      • powershell.exe (PID: 7048)
      • setup.exe (PID: 8244)
    • The sample compiled with english language support

      • setup.exe (PID: 7348)
      • OperaGXSetup.exe (PID: 7412)
      • setup.exe (PID: 6824)
      • setup.exe (PID: 2136)
      • setup.exe (PID: 2420)
      • setup.exe (PID: 7308)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 8068)
      • installer.exe (PID: 7364)
      • installer.exe (PID: 7184)
      • installer.exe (PID: 8764)
      • installer.exe (PID: 7244)
      • opera_autoupdate.exe (PID: 240)
      • installer.exe (PID: 8836)
      • opera_autoupdate.exe (PID: 4608)
      • installer.exe (PID: 7284)
      • ExLoader_Installer.exe (PID: 5796)
      • ExLoader_Installer.exe (PID: 1132)
      • OperaSetup.exe (PID: 2152)
      • setup.exe (PID: 8244)
      • setup.exe (PID: 8756)
      • setup.exe (PID: 8964)
      • setup.exe (PID: 8728)
      • setup.exe (PID: 7804)
      • opera.exe (PID: 2780)
      • ExLoader.exe (PID: 8264)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 2028)
      • amongperformance.exe (PID: 6028)
    • Reads the computer name

      • setup.exe (PID: 7348)
      • setup.exe (PID: 2136)
      • installer.exe (PID: 7364)
      • assistant_installer.exe (PID: 5136)
      • opera.exe (PID: 6456)
      • opera.exe (PID: 3976)
      • opera.exe (PID: 7100)
      • opera_gx_splash.exe (PID: 7776)
      • opera.exe (PID: 7200)
      • opera.exe (PID: 2268)
      • installer.exe (PID: 8764)
      • opera_autoupdate.exe (PID: 240)
      • opera_autoupdate.exe (PID: 8632)
      • opera.exe (PID: 8828)
      • opera.exe (PID: 7308)
      • opera_autoupdate.exe (PID: 7532)
      • opera.exe (PID: 7776)
      • opera.exe (PID: 4652)
      • opera.exe (PID: 8856)
      • opera.exe (PID: 8608)
      • opera.exe (PID: 7984)
      • opera_autoupdate.exe (PID: 5964)
      • opera.exe (PID: 8572)
      • opera_autoupdate.exe (PID: 4608)
      • opera.exe (PID: 8356)
      • ExLoader_Installer.exe (PID: 5796)
      • ExLoader.exe (PID: 8264)
      • ExLoader_Installer.exe (PID: 1132)
      • setup.exe (PID: 8244)
      • setup.exe (PID: 8964)
      • amongperformance.exe (PID: 6028)
      • assistant_installer.exe (PID: 6728)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 7348)
      • opera.exe (PID: 6456)
      • opera_autoupdate.exe (PID: 240)
      • opera_autoupdate.exe (PID: 9068)
      • opera_autoupdate.exe (PID: 7392)
      • opera_autoupdate.exe (PID: 8632)
      • opera_autoupdate.exe (PID: 5048)
      • opera_autoupdate.exe (PID: 7532)
      • opera.exe (PID: 7776)
      • opera_autoupdate.exe (PID: 5964)
      • opera_autoupdate.exe (PID: 5416)
      • opera_autoupdate.exe (PID: 4608)
      • opera_autoupdate.exe (PID: 1056)
      • setup.exe (PID: 8244)
    • OPERA mutex has been found

      • opera.exe (PID: 6456)
      • opera_autoupdate.exe (PID: 8632)
      • opera_autoupdate.exe (PID: 240)
      • opera_autoupdate.exe (PID: 7532)
      • opera.exe (PID: 7776)
      • opera_autoupdate.exe (PID: 5964)
      • opera_autoupdate.exe (PID: 4608)
    • Process checks computer location settings

      • opera.exe (PID: 6456)
      • opera.exe (PID: 4728)
      • opera.exe (PID: 632)
      • opera.exe (PID: 1348)
      • opera.exe (PID: 7248)
      • opera.exe (PID: 7364)
      • opera.exe (PID: 7760)
      • opera.exe (PID: 5980)
      • opera.exe (PID: 7192)
      • opera.exe (PID: 540)
      • opera.exe (PID: 7240)
      • opera.exe (PID: 5500)
      • opera.exe (PID: 8516)
      • opera.exe (PID: 8212)
      • opera.exe (PID: 9020)
      • opera.exe (PID: 8944)
      • opera.exe (PID: 9048)
      • opera.exe (PID: 3032)
      • opera.exe (PID: 8744)
      • opera.exe (PID: 6108)
      • opera.exe (PID: 9024)
      • opera.exe (PID: 4784)
      • opera.exe (PID: 8364)
      • opera.exe (PID: 7412)
      • opera.exe (PID: 7772)
      • opera.exe (PID: 7776)
      • opera.exe (PID: 2408)
      • opera.exe (PID: 7508)
      • opera.exe (PID: 8868)
      • opera.exe (PID: 8592)
      • opera.exe (PID: 1748)
      • opera.exe (PID: 8776)
      • opera.exe (PID: 8988)
      • opera.exe (PID: 8292)
      • opera.exe (PID: 7956)
      • opera.exe (PID: 7368)
      • opera.exe (PID: 3100)
      • opera.exe (PID: 7636)
      • opera.exe (PID: 7948)
      • ExLoader_Installer.exe (PID: 5796)
      • ExLoader_Installer.exe (PID: 1132)
      • ExLoader.exe (PID: 8264)
      • amongperformance.exe (PID: 6028)
    • Reads CPU info

      • opera.exe (PID: 6456)
      • opera.exe (PID: 7776)
    • Creates files in the program directory

      • ExLoader_Installer.exe (PID: 1132)
      • ExLoader.exe (PID: 8264)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 8568)
      • powershell.exe (PID: 8492)
      • powershell.exe (PID: 8132)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 8568)
      • powershell.exe (PID: 8492)
      • powershell.exe (PID: 8132)
    • Reads Environment values

      • amongperformance.exe (PID: 6028)
    • Reads product name

      • amongperformance.exe (PID: 6028)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:03:19 12:01:48
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: WindowsCleaner/
No data.
All screenshots are available in the full report
Total processes
355
Monitored processes
216
Malicious processes
15
Suspicious processes
3

Behavior graph

start winrar.exe no specs sppextcomobj.exe no specs slui.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs rundll32.exe no specs explorer.exe operagxsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe slui.exe opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe assistant_installer.exe no specs assistant_installer.exe no specs chrome.exe no specs installer.exe installer.exe chrome.exe no specs opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_gx_splash.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs chrome.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs comppkgsrv.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs installer.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_autoupdate.exe installer.exe opera_autoupdate.exe no specs opera.exe no specs opera_autoupdate.exe opera_autoupdate.exe no specs opera.exe no specs opera.exe no specs installer.exe chrome.exe no specs opera.exe no specs chrome.exe no specs opera.exe no specs opera.exe no specs 
opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs chrome.exe no specs opera.exe no specs opera_autoupdate.exe opera_autoupdate.exe no specs opera.exe opera_crashreporter.exe no specs opera.exe no specs opera.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs comppkgsrv.exe no specs opera.exe no specs opera_autoupdate.exe opera.exe no specs opera_autoupdate.exe opera_autoupdate.exe no specs opera.exe no specs opera_autoupdate.exe no specs opera.exe no specs opera.exe no specs installer.exe opera.exe no specs exloader_installer.exe exloader_installer.exe no specs exloader_installer.exe powershell.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs exloader.exe powershell.exe no specs conhost.exe no specs operasetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe opera.exe no specs opera.exe amongperformance.exe powershell.exe no specs conhost.exe no specs opera.exe no specs opera.exe no specs assistant_117.0.5408.35_setup.exe_sfx.exe powershell.exe no specs conhost.exe no specs assistant_installer.exe 
assistant_installer.exe cmd.exe no specs conhost.exe no specs taskkill.exe no specs powershell.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs dxwebsetup.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 240
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --scheduledtask --bypasslauncher --requesttype=automatic --scheduledtask --enableipv6 --bypasslauncher --pipeid=oauc_task_pipec12dca2c6d0f4844aad7502765c89329
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
Parent process: svchost.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX auto-updater
Exit code:
0
Version:
117.0.5408.213
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\autoupdate\opera_autoupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 540
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=off --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7276,i,10882461004521235076,9407266043664703945,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:1
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
117.0.5408.213
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\117.0.5408.213\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 616
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=off --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=8524,i,10882461004521235076,9407266043664703945,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=10704 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
117.0.5408.213
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\117.0.5408.213\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 632
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=off --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4408,i,10882461004521235076,9407266043664703945,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:1
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
117.0.5408.213
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\117.0.5408.213\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
660
Command line:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=off --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=8268,i,10882461004521235076,9407266043664703945,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
117.0.5408.213
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\117.0.5408.213\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
808
Command line:
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command (gwmi Win32_BaseBoard)
Path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process:
amongperformance.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
900
Command line:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3732 --field-trial-handle=1924,i,468055790799553980,1310550729359598516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
908
Command line:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1056
Command line:
"C:\Users\admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=117.0.5408.213 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7e720ee10,0x7ff7e720ee1c,0x7ff7e720ee28
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
Parent process:
opera_autoupdate.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX auto-updater
Exit code:
0
Version:
117.0.5408.213
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\autoupdate\opera_autoupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID:
1116
Command line:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-new-ids=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:suggestion-redirect-handler=off --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --field-trial-handle=6024,i,6265235990678166445,12313870461920923424,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7072 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
117.0.5408.213
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\117.0.5408.213\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events
262 185
Read events
260 882
Write events
1 268
Delete events
35

Modification events

(PID) Process:
(5492) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:0000000000050304
Operation:
write
Name:
VirtualDesktop
Value:
1000000030304456BFA0DB55E4278845B426357D5B5F97B3
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
0
Value:
C:\Users\admin\AppData\Local\Temp\WindowsCleaner.zip
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
name
Value:
120
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
size
Value:
80
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
type
Value:
120
(PID) Process:
(4008) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
mtime
Value:
100
(PID) Process:
(5492) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:0000000000050304
Operation:
delete key
Name:
(default)
Value:
Executable files
173
Suspicious files
1 608
Text files
1 280
Unknown types
0

Dropped files

PID
Process
Filename
Type
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF10edad.TMP
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF10edad.TMP
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF10edbd.TMP
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF10edbd.TMP
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF10edbd.TMP
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
4272
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:
HTTP(S) requests
45
TCP/UDP connections
370
DNS requests
377
Threats
106

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.216.77.21:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
8064
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8064
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5492
explorer.exe
GET
200
23.40.158.218:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA3ri9giEg1QVRsEGETa5zg%3D
unknown
whitelisted
5492
explorer.exe
GET
200
23.40.158.218:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
5492
explorer.exe
GET
200
23.40.158.218:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
7348
setup.exe
GET
200
23.40.158.218:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAsA6S1NbXMfyjBZx8seGIY%3D
unknown
whitelisted
7348
setup.exe
GET
200
23.40.158.218:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
7348
setup.exe
GET
200
142.250.186.163:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
23.216.77.21:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.76:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2112
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4272
chrome.exe
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.216.77.21
  • 23.216.77.25
  • 23.216.77.23
whitelisted
google.com
  • 142.250.184.206
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.32.76
  • 20.190.160.128
  • 40.126.32.68
  • 20.190.160.14
  • 20.190.160.17
  • 20.190.160.20
  • 20.190.160.65
  • 20.190.160.66
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 23.40.158.218
  • 2.23.77.188
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
clientservices.googleapis.com
  • 142.250.186.163
whitelisted
accounts.google.com
  • 64.233.184.84
whitelisted
www.google.com
  • 142.250.186.164
  • 142.250.186.68
  • 2a00:1450:4001:828::2004
whitelisted
www.gstatic.com
  • 142.250.185.99
whitelisted

Threats

PID
Process
Class
Message
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
3976
opera.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info