Malware analysis winningcompetition.weebly.com Malicious activity

Add for printing

URL:	winningcompetition.weebly.com
Full analysis:	https://app.any.run/tasks/d01b26fe-8257-4d95-a3a6-e0efae1c3317
Verdict:	Malicious activity
Analysis date:	November 22, 2023, 20:33:40
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	qrcode
Indicators:
SHA1:	95C33FB66E11FA0BFD1B9549FF0AAC06DB04908B
SHA256:	0D251383F0838D3B52763DB67F52FBF1FC481202990EA95E801264ACBFEF5F4A
SSDEEP:	3:cLCKV0QMQ3nLdI:DQMQ3nZI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Actions looks like stealing of personal data
  - Opera_95.0.4635.90_Setup.exe (PID: 3760)
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
  - Opera_95.0.4635.90_Setup.exe (PID: 1996)
  - Opera_95.0.4635.90_Setup.exe (PID: 1644)
  - Opera_95.0.4635.90_Setup.exe (PID: 2292)
  - assistant_installer.exe (PID: 1876)
  - assistant_installer.exe (PID: 668)
  - installer.exe (PID: 368)
  - installer.exe (PID: 2396)
  - assistant_installer.exe (PID: 2868)
  - assistant_installer.exe (PID: 2884)
  - assistant_installer.exe (PID: 3148)
  - browser_assistant.exe (PID: 3088)
  - assistant_installer.exe (PID: 3100)
  - browser_assistant.exe (PID: 2492)
  - installer.exe (PID: 3624)
  - installer.exe (PID: 3908)
  - assistant_installer.exe (PID: 3240)
  - assistant_installer.exe (PID: 3632)
  - opera_crashreporter.exe (PID: 2936)
  - opera.exe (PID: 1452)
  - opera.exe (PID: 3876)
  - opera.exe (PID: 1808)
  - opera.exe (PID: 600)
  - opera.exe (PID: 1352)
  - opera.exe (PID: 1604)
  - opera.exe (PID: 1608)
  - opera.exe (PID: 1152)
  - opera.exe (PID: 1356)
  - opera.exe (PID: 2804)
  - opera.exe (PID: 316)
  - opera.exe (PID: 3320)
  - opera.exe (PID: 556)
  - opera.exe (PID: 1820)
  - opera.exe (PID: 668)
  - opera.exe (PID: 1344)
  - opera.exe (PID: 2080)
  - opera.exe (PID: 2392)
  - opera.exe (PID: 1876)
  - opera.exe (PID: 1660)
  - opera.exe (PID: 3800)
  - opera.exe (PID: 2672)
  - opera.exe (PID: 120)
  - opera.exe (PID: 1868)
  - opera.exe (PID: 2408)
  - opera.exe (PID: 3000)
  - opera.exe (PID: 1584)
  - opera.exe (PID: 2532)
  - opera.exe (PID: 276)
  - opera.exe (PID: 2620)
  - opera.exe (PID: 1212)
  - opera.exe (PID: 2396)
  - opera.exe (PID: 1700)
  - opera.exe (PID: 2860)
  - opera_autoupdate.exe (PID: 1452)
  - opera.exe (PID: 3336)
  - opera_autoupdate.exe (PID: 4004)
  - opera.exe (PID: 2628)
  - opera.exe (PID: 2108)
  - opera.exe (PID: 2464)
  - opera.exe (PID: 3528)
  - opera.exe (PID: 1228)
  - opera.exe (PID: 2632)
  - opera.exe (PID: 1236)
  - opera.exe (PID: 916)
  - opera.exe (PID: 1152)
  - opera.exe (PID: 3472)
  - opera.exe (PID: 1432)
  - opera.exe (PID: 3480)
  - opera.exe (PID: 3192)
  - opera.exe (PID: 2400)
  - opera.exe (PID: 3348)
  - opera.exe (PID: 2620)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 3552)
  - opera.exe (PID: 3636)
  - opera.exe (PID: 3236)
  - opera.exe (PID: 4012)
  - opera.exe (PID: 2464)
  - opera.exe (PID: 3804)
  - opera.exe (PID: 1348)
  - opera.exe (PID: 3512)
  - opera.exe (PID: 2824)
  - opera.exe (PID: 3924)
  - opera.exe (PID: 3912)
  - opera.exe (PID: 2096)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 2428)
  - opera.exe (PID: 2640)
  - opera.exe (PID: 2396)
  - opera.exe (PID: 3192)
  - opera.exe (PID: 3564)
  - opera.exe (PID: 3468)
  - opera.exe (PID: 1360)
  - opera.exe (PID: 3732)
  - opera.exe (PID: 2688)
  - opera.exe (PID: 4080)
  - opera.exe (PID: 2792)
  - opera.exe (PID: 2108)
  - opera.exe (PID: 2176)
  - opera.exe (PID: 148)
  - opera.exe (PID: 3564)
  - opera.exe (PID: 3440)
  - opera.exe (PID: 1416)
  - opera.exe (PID: 3912)
  - opera.exe (PID: 3896)
  - opera.exe (PID: 3592)
  - opera.exe (PID: 1184)
  - opera.exe (PID: 4008)
  - opera.exe (PID: 3960)
  - opera.exe (PID: 1008)
- Drops the executable file immediately after the start
  - Opera_95.0.4635.90_Setup.exe (PID: 3760)
  - Opera_95.0.4635.90_Setup.exe (PID: 3560)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
  - Opera_95.0.4635.90_Setup.exe (PID: 1996)
  - Opera_95.0.4635.90_Setup.exe (PID: 1644)
  - Opera_95.0.4635.90_Setup.exe (PID: 2292)
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - assistant_package_sfx.exe (PID: 2780)
  - installer.exe (PID: 2396)
  - installer.exe (PID: 368)
  - assistant_installer.exe (PID: 2868)
  - installer.exe (PID: 3624)
  - installer.exe (PID: 3908)
  - installer.exe (PID: 2444)
  - launcher.exe (PID: 528)
  - opera_autoupdate.exe (PID: 1928)
  - installer.exe (PID: 2632)
  - opera.exe (PID: 2672)
SUSPICIOUS
- Application launched itself
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
  - Opera_95.0.4635.90_Setup.exe (PID: 1644)
  - assistant_installer.exe (PID: 1876)
  - installer.exe (PID: 368)
  - assistant_installer.exe (PID: 2868)
  - assistant_installer.exe (PID: 3148)
  - browser_assistant.exe (PID: 3088)
  - installer.exe (PID: 3624)
  - assistant_installer.exe (PID: 3240)
  - opera.exe (PID: 2672)
  - opera_autoupdate.exe (PID: 1452)
  - opera_autoupdate.exe (PID: 1928)
- Reads the Internet Settings
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
  - browser_assistant.exe (PID: 3088)
  - opera.exe (PID: 2672)
  - opera_autoupdate.exe (PID: 1452)
  - opera_autoupdate.exe (PID: 1928)
  - opera.exe (PID: 1184)
- Starts itself from another location
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
- Reads settings of System Certificates
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - installer.exe (PID: 368)
  - browser_assistant.exe (PID: 3088)
  - opera.exe (PID: 2672)
- Checks Windows Trust Settings
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - installer.exe (PID: 368)
  - browser_assistant.exe (PID: 3088)
- Reads security settings of Internet Explorer
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - installer.exe (PID: 368)
  - browser_assistant.exe (PID: 3088)
- The process executes via Task Scheduler
  - launcher.exe (PID: 528)
- Connects to unusual port
  - opera.exe (PID: 2804)
INFO
- Application launched itself
  - iexplore.exe (PID: 3448)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3412)
  - assistant_installer.exe (PID: 3148)
- The process uses the downloaded file
  - iexplore.exe (PID: 3448)
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
- Checks supported languages
  - wmpnscfg.exe (PID: 3412)
  - Opera_95.0.4635.90_Setup.exe (PID: 3760)
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - Opera_95.0.4635.90_Setup.exe (PID: 3560)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
  - Opera_95.0.4635.90_Setup.exe (PID: 1996)
  - Opera_95.0.4635.90_Setup.exe (PID: 1644)
  - Opera_95.0.4635.90_Setup.exe (PID: 2292)
  - assistant_package_sfx.exe (PID: 2780)
  - assistant_installer.exe (PID: 668)
  - assistant_installer.exe (PID: 1876)
  - installer.exe (PID: 368)
  - installer.exe (PID: 2396)
  - assistant_installer.exe (PID: 2868)
  - assistant_installer.exe (PID: 2884)
  - assistant_installer.exe (PID: 3148)
  - launcher.exe (PID: 3056)
  - browser_assistant.exe (PID: 3088)
  - browser_assistant.exe (PID: 2492)
  - launcher.exe (PID: 968)
  - assistant_installer.exe (PID: 3100)
  - installer.exe (PID: 3624)
  - launcher.exe (PID: 3364)
  - launcher.exe (PID: 3276)
  - launcher.exe (PID: 3832)
  - installer.exe (PID: 3908)
  - assistant_installer.exe (PID: 3240)
  - opera.exe (PID: 2672)
  - launcher.exe (PID: 4044)
  - assistant_installer.exe (PID: 3632)
  - opera_crashreporter.exe (PID: 2936)
  - opera.exe (PID: 2804)
  - opera.exe (PID: 3876)
  - opera.exe (PID: 1808)
  - opera.exe (PID: 1608)
  - opera.exe (PID: 600)
  - opera.exe (PID: 1452)
  - opera.exe (PID: 1352)
  - opera.exe (PID: 1152)
  - opera.exe (PID: 1604)
  - opera.exe (PID: 1660)
  - opera.exe (PID: 556)
  - opera.exe (PID: 2248)
  - opera.exe (PID: 316)
  - opera.exe (PID: 1820)
  - opera.exe (PID: 1344)
  - opera.exe (PID: 3320)
  - opera.exe (PID: 1356)
  - opera.exe (PID: 1876)
  - opera.exe (PID: 3800)
  - opera.exe (PID: 1584)
  - opera.exe (PID: 120)
  - opera.exe (PID: 2392)
  - opera.exe (PID: 2080)
  - opera.exe (PID: 668)
  - opera.exe (PID: 276)
  - opera.exe (PID: 3348)
  - opera.exe (PID: 1868)
  - opera.exe (PID: 3000)
  - opera.exe (PID: 1212)
  - opera.exe (PID: 2860)
  - opera.exe (PID: 3336)
  - opera.exe (PID: 2620)
  - opera.exe (PID: 1700)
  - opera.exe (PID: 2408)
  - opera.exe (PID: 2628)
  - opera.exe (PID: 2532)
  - opera.exe (PID: 1228)
  - opera.exe (PID: 1432)
  - opera.exe (PID: 2396)
  - opera.exe (PID: 2400)
  - opera.exe (PID: 2108)
  - opera.exe (PID: 3480)
  - opera.exe (PID: 2464)
  - opera.exe (PID: 2632)
  - opera.exe (PID: 3192)
  - opera.exe (PID: 3528)
  - opera.exe (PID: 916)
  - opera.exe (PID: 1236)
  - opera_autoupdate.exe (PID: 1452)
  - launcher.exe (PID: 528)
  - opera.exe (PID: 1152)
  - opera.exe (PID: 3472)
  - opera_autoupdate.exe (PID: 4004)
  - installer.exe (PID: 2444)
  - opera_autoupdate.exe (PID: 1928)
  - opera.exe (PID: 4012)
  - opera_autoupdate.exe (PID: 1560)
  - opera.exe (PID: 2620)
  - opera.exe (PID: 3552)
  - opera.exe (PID: 3636)
  - opera.exe (PID: 3236)
  - opera.exe (PID: 2464)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 1348)
  - opera.exe (PID: 3512)
  - opera.exe (PID: 3924)
  - opera.exe (PID: 2824)
  - opera.exe (PID: 3912)
  - opera.exe (PID: 3804)
  - opera.exe (PID: 2428)
  - opera.exe (PID: 2096)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 2640)
  - opera.exe (PID: 3192)
  - opera.exe (PID: 3564)
  - opera.exe (PID: 2396)
  - opera.exe (PID: 2108)
  - opera.exe (PID: 2792)
  - opera.exe (PID: 3440)
  - opera.exe (PID: 2176)
  - installer.exe (PID: 2632)
  - opera.exe (PID: 3468)
  - opera.exe (PID: 1360)
  - opera.exe (PID: 1416)
  - opera.exe (PID: 3564)
  - opera.exe (PID: 2688)
  - opera.exe (PID: 4080)
  - opera.exe (PID: 3732)
  - opera.exe (PID: 148)
  - opera.exe (PID: 3896)
  - opera.exe (PID: 3592)
  - opera.exe (PID: 4008)
  - opera.exe (PID: 3960)
  - opera.exe (PID: 1184)
  - opera.exe (PID: 1008)
  - opera.exe (PID: 3912)
- Reads the computer name
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - wmpnscfg.exe (PID: 3412)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
  - Opera_95.0.4635.90_Setup.exe (PID: 1644)
  - assistant_installer.exe (PID: 1876)
  - installer.exe (PID: 368)
  - assistant_installer.exe (PID: 2868)
  - assistant_installer.exe (PID: 3148)
  - browser_assistant.exe (PID: 3088)
  - installer.exe (PID: 3624)
  - assistant_installer.exe (PID: 3240)
  - launcher.exe (PID: 4044)
  - opera.exe (PID: 2672)
  - opera.exe (PID: 3876)
  - opera.exe (PID: 2804)
  - opera.exe (PID: 1608)
  - opera.exe (PID: 1452)
  - opera.exe (PID: 600)
  - opera.exe (PID: 1660)
  - opera.exe (PID: 316)
  - opera.exe (PID: 1152)
  - opera.exe (PID: 1604)
  - opera.exe (PID: 556)
  - opera.exe (PID: 2248)
  - opera.exe (PID: 1808)
  - opera.exe (PID: 1352)
  - opera.exe (PID: 1356)
  - opera.exe (PID: 1820)
  - opera.exe (PID: 1344)
  - opera.exe (PID: 3320)
  - opera.exe (PID: 3800)
  - opera.exe (PID: 1584)
  - opera.exe (PID: 120)
  - opera.exe (PID: 2392)
  - opera.exe (PID: 2080)
  - opera.exe (PID: 1876)
  - opera.exe (PID: 668)
  - opera.exe (PID: 2860)
  - opera.exe (PID: 276)
  - opera.exe (PID: 3348)
  - opera.exe (PID: 1868)
  - opera.exe (PID: 1212)
  - opera.exe (PID: 3000)
  - opera.exe (PID: 2620)
  - opera.exe (PID: 3336)
  - opera.exe (PID: 1700)
  - opera.exe (PID: 2400)
  - opera.exe (PID: 2628)
  - opera.exe (PID: 2408)
  - opera.exe (PID: 2532)
  - opera.exe (PID: 1228)
  - opera.exe (PID: 1432)
  - opera.exe (PID: 2396)
  - opera.exe (PID: 3480)
  - opera.exe (PID: 2108)
  - opera.exe (PID: 2464)
  - opera.exe (PID: 2632)
  - opera.exe (PID: 3192)
  - opera.exe (PID: 3528)
  - opera.exe (PID: 916)
  - opera.exe (PID: 1236)
  - opera.exe (PID: 1152)
  - opera_autoupdate.exe (PID: 1452)
  - opera.exe (PID: 3472)
  - opera_autoupdate.exe (PID: 1928)
  - opera.exe (PID: 2620)
  - opera.exe (PID: 4012)
  - opera.exe (PID: 3552)
  - opera.exe (PID: 3636)
  - opera.exe (PID: 3236)
  - opera.exe (PID: 2464)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 1348)
  - opera.exe (PID: 3512)
  - opera.exe (PID: 3924)
  - opera.exe (PID: 3912)
  - opera.exe (PID: 3804)
  - opera.exe (PID: 2824)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 2640)
  - opera.exe (PID: 2428)
  - opera.exe (PID: 2096)
  - opera.exe (PID: 3192)
  - opera.exe (PID: 3564)
  - opera.exe (PID: 2396)
  - opera.exe (PID: 2108)
  - opera.exe (PID: 1360)
  - opera.exe (PID: 2792)
  - opera.exe (PID: 2176)
  - opera.exe (PID: 3468)
  - opera.exe (PID: 148)
  - opera.exe (PID: 3564)
  - opera.exe (PID: 2688)
  - opera.exe (PID: 3732)
  - opera.exe (PID: 4080)
  - opera.exe (PID: 3440)
  - opera.exe (PID: 1416)
  - opera.exe (PID: 3592)
  - opera.exe (PID: 3912)
  - opera.exe (PID: 3896)
  - opera.exe (PID: 1184)
  - opera.exe (PID: 4008)
  - opera.exe (PID: 3960)
  - opera.exe (PID: 1008)
- Create files in a temporary directory
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - Opera_95.0.4635.90_Setup.exe (PID: 3760)
  - Opera_95.0.4635.90_Setup.exe (PID: 3560)
  - Opera_95.0.4635.90_Setup.exe (PID: 148)
  - Opera_95.0.4635.90_Setup.exe (PID: 1996)
  - Opera_95.0.4635.90_Setup.exe (PID: 1644)
  - Opera_95.0.4635.90_Setup.exe (PID: 2292)
  - assistant_package_sfx.exe (PID: 2780)
  - installer.exe (PID: 368)
  - installer.exe (PID: 2396)
  - installer.exe (PID: 3624)
  - installer.exe (PID: 3908)
  - opera.exe (PID: 2672)
  - launcher.exe (PID: 528)
  - installer.exe (PID: 2444)
  - opera_autoupdate.exe (PID: 1560)
  - opera_autoupdate.exe (PID: 1928)
  - installer.exe (PID: 2632)
- Creates files or folders in the user directory
  - Opera_95.0.4635.90_Setup.exe (PID: 3760)
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - installer.exe (PID: 368)
  - browser_assistant.exe (PID: 3088)
  - opera.exe (PID: 2672)
  - opera.exe (PID: 2804)
- Checks proxy server information
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - browser_assistant.exe (PID: 3088)
- Reads the machine GUID from the registry
  - wmpnscfg.exe (PID: 3412)
  - Opera_95.0.4635.90_Setup.exe (PID: 3708)
  - installer.exe (PID: 368)
  - assistant_installer.exe (PID: 2868)
  - installer.exe (PID: 3624)
  - browser_assistant.exe (PID: 3088)
  - opera.exe (PID: 2672)
  - opera_autoupdate.exe (PID: 1452)
  - opera_autoupdate.exe (PID: 4004)
  - opera.exe (PID: 2620)
  - opera_autoupdate.exe (PID: 1928)
  - opera_autoupdate.exe (PID: 1560)
  - opera.exe (PID: 3912)
  - opera.exe (PID: 1184)
- Creates files in the program directory
  - Opera_95.0.4635.90_Setup.exe (PID: 1644)
  - installer.exe (PID: 368)
  - assistant_installer.exe (PID: 2868)
  - opera_autoupdate.exe (PID: 1928)
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 3484)
- Process checks computer location settings
  - opera.exe (PID: 2672)
  - opera.exe (PID: 1604)
  - opera.exe (PID: 1356)
  - opera.exe (PID: 3320)
  - opera.exe (PID: 556)
  - opera.exe (PID: 1820)
  - opera.exe (PID: 1660)
  - opera.exe (PID: 668)
  - opera.exe (PID: 1344)
  - opera.exe (PID: 2392)
  - opera.exe (PID: 1876)
  - opera.exe (PID: 1584)
  - opera.exe (PID: 120)
  - opera.exe (PID: 3236)
  - opera.exe (PID: 3512)
  - opera.exe (PID: 2428)
  - opera.exe (PID: 2396)
  - opera.exe (PID: 2096)
  - opera.exe (PID: 3564)
  - opera.exe (PID: 3192)
  - opera.exe (PID: 3468)
  - opera.exe (PID: 3592)
  - opera.exe (PID: 3896)
  - opera.exe (PID: 4008)
  - opera.exe (PID: 3960)
- Reads CPU info
  - opera.exe (PID: 2672)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

176

Monitored processes

129

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

120

"C:\Program Files\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4500 --field-trial-handle=1108,i,8836380703062188607,5838043566341095726,131072 /prefetch:1

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

148

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Opera_95.0.4635.90_Setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3708 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20231122203543" --session-guid=64feb958-5019-4ab7-97cb-410a0b476272 --desktopshortcut=1 --wait-for-package --initial-proc-handle=3C06000000000000

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Opera_95.0.4635.90_Setup.exe

Opera_95.0.4635.90_Setup.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Installer

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\opera_95.0.4635.90_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll

148

"C:\Program Files\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=648 --field-trial-handle=1108,i,8836380703062188607,5838043566341095726,131072 /prefetch:8

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

276

"C:\Program Files\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3992 --field-trial-handle=1108,i,8836380703062188607,5838043566341095726,131072 /prefetch:8

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

316

"C:\Program Files\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2024 --field-trial-handle=1108,i,8836380703062188607,5838043566341095726,131072 /prefetch:8

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

368

"C:\Program Files\Opera\95.0.4635.90\installer.exe" --backend --initial-pid=3708 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=0 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311222035431" --session-guid=64feb958-5019-4ab7-97cb-410a0b476272 --desktopshortcut=1 --install-subfolder=95.0.4635.90 --parent-pid=148

C:\Program Files\Opera\95.0.4635.90\installer.exe

Opera_95.0.4635.90_Setup.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Installer

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\95.0.4635.90\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll

528

"C:\Program Files\Opera\launcher.exe" --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=95.0.4635.90 --newautoupdaterlogic

C:\Program Files\Opera\launcher.exe

—

taskeng.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll

556

"C:\Program Files\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2964 --field-trial-handle=1108,i,8836380703062188607,5838043566341095726,131072 /prefetch:1

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

600

"C:\Program Files\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2000 --field-trial-handle=1108,i,8836380703062188607,5838043566341095726,131072 /prefetch:8

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

668

"C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311222035431\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.90 --initial-client-data=0x120,0x124,0x128,0xf4,0x12c,0x1334bd0,0x1334be0,0x1334bec

C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311222035431\assistant\assistant_installer.exe

assistant_installer.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Browser Assistant Installer

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\users\admin\appdata\local\temp\.opera\opera installer temp\opera_package_202311222035431\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll

Add for printing

Total events

49 953

Read events

49 639

Write events

285

Delete events

Modification events


(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 0
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 30847387
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 30847437
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(3448) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

Suspicious files

656

Text files

592

Unknown types

Dropped files

PID	Process	Filename		Type
3484	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main_style[1].css		text
		MD5:F8D3C9B6422BE85B0A85D64E08B2D209	SHA256:01FAE738C9A6A7015A30FCC090AAE6B499C34965E73EE84D67134A4AC4A62BF4
3484	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:CBE8578EA2343E4A20AE775CC8274F38	SHA256:3E66B216BCE1F3A7745B4A53DBDAFEFFDB502BA6F3735BB5E7516CC9A67F6FD1
3484	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419		binary
		MD5:27E6F24496689CAB05293311C6F9BB55	SHA256:0325D58C6B0745E2B24C2DB8AE8252BD4DA480B6780254776E81250CE912668D
3484	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_2C5F0ED2F89F8ECF54C55F34FCBF12DA		binary
		MD5:40BF9304BBFB897783CC36E6F4DF9073	SHA256:7DC4B493272433EF9CBA4AD277AE9A2493261CCA9335547F6FC0D6F7AE651205
3484	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7ETCDF68.txt		text
		MD5:CD62875963023FF33D685A748D2A2188	SHA256:B1782A091AD3A0A6E80680190501453026F50B2371DC9801B22FF6F316A1B270
3484	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\fancybox[1].css		text
		MD5:1DCEBBB5A1EB8B028310CEEB72A339B3	SHA256:865CB87DE9FC4D6530EDCE21F0103107ABAE6ABE45CABDFF2AD9AF067B3D8E0A
3484	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\theme-plugins[1].js		text
		MD5:B6889BF0CFD5FBD322BDAC1906F1BF6E	SHA256:C4F595F154C135E6631DF3E3A986A1FDEBDA177A47A91CBB9E645D37A0E03311
3484	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\slideshow[1].css		text
		MD5:3986DB9081B6F62AE765B55503B9F6AD	SHA256:054411E5423615254088341E90D1C49C68E19E016690034B95437499EA18BA87
3484	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\font[3].css		text
		MD5:8748EEC74F3E1353FF5D59C4FC793928	SHA256:CB2642E037C6E74EACE100541B7E6776ECAF14371B49E4DECF7831BFB0A7147B
3484	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\sites[1].css		text
		MD5:251FE9DD065A30EFD11CCAB9A9613CDA	SHA256:5B6BD64C8F7D37DD7BD34E3760CFFFA93A982937376E2C02708F63C35C645A07

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

314

DNS requests

239

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3484	iexplore.exe	GET	301	199.34.228.53:80	http://winningcompetition.weebly.com/	unknown	html	398 b	unknown
3484	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D	unknown	binary	471 b	unknown
3484	iexplore.exe	GET	200	104.18.21.226:80	http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEH3wUWDKXSh7Z3b6AuDWurw%3D	unknown	binary	1.40 Kb	unknown
3484	iexplore.exe	GET	200	23.216.77.177:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ef2e01c2b2bd93b0	unknown	compressed	4.66 Kb	unknown
3484	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAgrLkwGpCB95PF3gVJY%2F%2Bw%3D	unknown	binary	471 b	unknown
3484	iexplore.exe	GET	200	142.250.185.163:80	http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D	unknown	binary	724 b	unknown
3484	iexplore.exe	GET	200	142.250.185.163:80	http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQChuVoVf7HVAxLxWCb2kXo7	unknown	binary	472 b	unknown
3484	iexplore.exe	GET	200	142.250.185.163:80	http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D	unknown	binary	1.41 Kb	unknown
3448	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D	unknown	binary	313 b	unknown
3484	iexplore.exe	GET	200	172.64.149.23:80	http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQDZLWqgBPPtncRRxAKDICn2	unknown	binary	472 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2588	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
3484	iexplore.exe	199.34.228.53:80	winningcompetition.weebly.com	WEEBLY	US	unknown
3484	iexplore.exe	199.34.228.53:443	winningcompetition.weebly.com	WEEBLY	US	unknown
3484	iexplore.exe	23.216.77.177:80	ctldl.windowsupdate.com	Akamai International B.V.	DE	unknown
3484	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
3484	iexplore.exe	151.101.1.46:443	cdn2.editmysite.com	FASTLY	US	unknown
3484	iexplore.exe	104.18.21.226:80	ocsp2.globalsign.com	CLOUDFLARENET	—	shared
3484	iexplore.exe	216.58.206.40:443	ssl.google-analytics.com	GOOGLE	US	unknown
3484	iexplore.exe	142.250.185.163:80	ocsp.pki.goog	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
winningcompetition.weebly.com	199.34.228.53 199.34.228.54	unknown
ctldl.windowsupdate.com	23.216.77.177 23.216.77.140 23.216.77.132 23.216.77.185 23.216.77.168 23.216.77.149 23.216.77.146 23.216.77.145 23.216.77.178 23.216.77.165	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
cdn2.editmysite.com	151.101.1.46 151.101.65.46 151.101.129.46 151.101.193.46	whitelisted
ocsp2.globalsign.com	104.18.21.226 104.18.20.226	whitelisted
ssl.google-analytics.com	216.58.206.40 142.250.185.72	whitelisted
ocsp.pki.goog	142.250.185.163	whitelisted
api.bing.com	13.107.5.80	whitelisted
www.bing.com	92.123.104.37 92.123.104.32 92.123.104.36 92.123.104.43 92.123.104.44 92.123.104.41 92.123.104.40 92.123.104.49 92.123.104.34 204.79.197.200 13.107.21.200	whitelisted
smrturl.co	104.21.29.202 172.67.149.199	malicious

Threats

No threats detected

Add for printing

Process	Message
assistant_installer.exe	[1122/203559.119:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311222035431\assistant\assistant_installer.exe" --version
assistant_installer.exe	[1122/203613.443:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311222035431\assistant\assistant_installer.exe" --installfolder="C:\Program Files\Opera\assistant" --copyonly=0 --allusers=0
assistant_installer.exe	[1122/203613.498:INFO:assistant_installer.cc(283)] Setting up the registry
assistant_installer.exe	[1122/203613.599:INFO:assistant_installer.cc(337)] Creating scheduled task
assistant_installer.exe	[1122/203613.638:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Program Files\Opera\assistant\assistant_installer.exe" --installfolder="C:\Program Files\Opera\assistant" --run-assistant --allusers=0
assistant_installer.exe	[1122/203613.638:INFO:assistant_installer.cc(242)] Running Assistant
browser_assistant.exe	[1122/203614.013:ERROR:tracking_data_utils.cc(72)] Can't read edition: missing value.
assistant_installer.exe	[1122/203614.318:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Program Files\Opera\assistant\assistant_installer.exe" --post-elevated-install-tasks --installfolder="C:\Program Files\Opera\assistant"

General Info

winningcompetition.weebly.com

95C33FB66E11FA0BFD1B9549FF0AAC06DB04908B

0D251383F0838D3B52763DB67F52FBF1FC481202990EA95E801264ACBFEF5F4A

3:cLCKV0QMQ3nLdI:DQMQ3nZI

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Actions looks like stealing of personal data

Drops the executable file immediately after the start

SUSPICIOUS

Application launched itself

Reads the Internet Settings

Starts itself from another location

Reads settings of System Certificates

Checks Windows Trust Settings

Reads security settings of Internet Explorer

The process executes via Task Scheduler

Connects to unusual port

INFO

Application launched itself

Manual execution by a user

The process uses the downloaded file

Checks supported languages

Reads the computer name

Create files in a temporary directory

Creates files or folders in the user directory

Checks proxy server information

Reads the machine GUID from the registry

Creates files in the program directory

Drops the executable file immediately after the start

Process checks computer location settings

Reads CPU info

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings