URL: https://enigmatechcheats.com/

Full analysis: https://app.any.run/tasks/57277a13-b4cf-40a9-a85e-2220402705f9
Verdict: Malicious activity
Threats:

Stealers are a class of malware designed to gain unauthorized access to users' information and transfer it to the attacker. The category includes programs that each focus on a particular kind of data, such as files, passwords, or cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: March 14, 2026, 07:01:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: github, evasion, stealer, opera, tool, fingerprinting, anti-evasion
Indicators:
MD5: 93D7B3E887B3E6A45D4537A6D6D45EBB
SHA1: 311FF72D1E5342E5016127FE076BCF20AC6DF83C
SHA256: 33808E4A904307A1097CE8372F621037E284CAF5B23F5DD988D0DECC0A2602D4
SSDEEP: 3:N8OAGNwRWZ3n:2vvWt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Adds path to the Windows Defender exclusion list

      • cmd.exe (PID: 1688)
      • ExLoader_Installer.exe (PID: 4516)
    • Executing a file with an untrusted certificate

      • EnigmaTech-v2.exe (PID: 3588)
      • EnigmaTech-v2.exe (PID: 5500)
      • SEMgrSvc.exe (PID: 8692)
    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 1688)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 1688)
    • Changes Windows Defender settings

      • cmd.exe (PID: 1688)
      • ExLoader_Installer.exe (PID: 4516)
    • Actions looks like stealing of personal data

      • ExLoader_Installer.exe (PID: 4516)
      • installer.exe (PID: 9340)
      • opera_crashreporter.exe (PID: 9736)
      • opera_crashreporter.exe (PID: 6704)
      • opera_crashreporter.exe (PID: 7696)
      • opera.exe (PID: 8024)
      • opera_crashreporter.exe (PID: 1836)
      • opera.exe (PID: 4136)
      • opera_crashreporter.exe (PID: 10268)
      • browser_assistant.exe (PID: 3168)
      • browser_assistant.exe (PID: 8260)
      • opera.exe (PID: 11096)
      • opera_crashreporter.exe (PID: 10508)
      • opera.exe (PID: 11220)
      • opera.exe (PID: 10604)
      • opera_autoupdate.exe (PID: 10408)
      • opera_autoupdate.exe (PID: 10132)
      • aswEngSrv.exe (PID: 6484)
      • engsup.exe (PID: 12664)
      • AvastUI.exe (PID: 12452)
    • Steals credentials from Web Browsers

      • installer.exe (PID: 9340)
      • installer.exe (PID: 9368)
      • installer.exe (PID: 9628)
      • installer.exe (PID: 9580)
      • assistant_installer.exe (PID: 2912)
      • assistant_installer.exe (PID: 9200)
      • installer.exe (PID: 9760)
      • installer.exe (PID: 9556)
      • assistant_installer.exe (PID: 756)
      • assistant_installer.exe (PID: 9780)
      • assistant_installer.exe (PID: 7308)
      • assistant_installer.exe (PID: 6316)
      • opera_crashreporter.exe (PID: 6704)
      • opera_crashreporter.exe (PID: 9736)
      • opera.exe (PID: 8064)
      • opera.exe (PID: 8024)
      • opera_crashreporter.exe (PID: 7696)
      • opera.exe (PID: 10212)
      • opera.exe (PID: 9812)
      • opera_crashreporter.exe (PID: 1836)
      • opera.exe (PID: 4136)
      • opera_crashreporter.exe (PID: 10268)
      • browser_assistant.exe (PID: 3168)
      • browser_assistant.exe (PID: 8260)
      • opera_crashreporter.exe (PID: 10508)
      • opera.exe (PID: 6928)
      • opera.exe (PID: 10444)
      • opera_crashreporter.exe (PID: 11116)
      • opera.exe (PID: 11096)
      • opera_crashreporter.exe (PID: 9588)
      • opera.exe (PID: 11220)
      • opera.exe (PID: 10604)
      • installer.exe (PID: 10444)
      • installer.exe (PID: 1488)
      • opera_autoupdate.exe (PID: 10132)
      • opera_autoupdate.exe (PID: 10408)
      • opera_autoupdate.exe (PID: 8916)
      • opera_autoupdate.exe (PID: 10948)
      • AvastSvc.exe (PID: 9708)
      • aswEngSrv.exe (PID: 6484)
      • engsup.exe (PID: 12664)
      • AvastUI.exe (PID: 12452)
    • Changes the autorun value in the registry

      • assistant_installer.exe (PID: 9780)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 11220)
      • icarus.exe (PID: 10080)
    • Changes settings of System certificates

      • AvastSvc.exe (PID: 9708)
    • Antivirus name has been found in the command line (generic signature)

      • AvastUI.exe (PID: 12452)
      • AvastUI.exe (PID: 12320)
      • AvastUI.exe (PID: 9440)
      • AvastUI.exe (PID: 7512)
      • AvastUI.exe (PID: 12804)
      • AvastUI.exe (PID: 12780)
      • AvastUI.exe (PID: 9912)
      • AvastUI.exe (PID: 10072)
      • AvastUI.exe (PID: 13720)
  • SUSPICIOUS

    • Executing commands from a ".bat" file

      • wscript.exe (PID: 7228)
    • The process executes VB scripts

      • wscript.exe (PID: 7228)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 1688)
    • Executable content was dropped or overwritten

      • EnigmaTech-v2.exe (PID: 5500)
      • powershell.exe (PID: 2140)
      • Enigma.exe (PID: 7340)
      • ExLoader_Installer.exe (PID: 4516)
      • OperaSetup.exe (PID: 8356)
      • installer.exe (PID: 9340)
      • avast_free_antivirus_setup_online.exe (PID: 9304)
      • avast_free_antivirus_online_setup.exe (PID: 9544)
      • icarus.exe (PID: 9844)
      • icarus.exe (PID: 10080)
      • Assistant_128.0.5807.52_Setup.exe_sfx.exe (PID: 3536)
      • installer.exe (PID: 9580)
      • installer.exe (PID: 9556)
      • assistant_installer.exe (PID: 9780)
      • ExLoader.exe (PID: 8628)
      • icarus.exe (PID: 10072)
      • opera_autoupdate.exe (PID: 8916)
      • AvastSvc.exe (PID: 9708)
      • aswOfferTool.exe (PID: 13168)
    • Reads the date of Windows installation

      • EnigmaTech-v2.exe (PID: 5500)
      • Enigma.exe (PID: 7340)
      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • installer.exe (PID: 9556)
      • understandingslight.exe (PID: 2708)
      • opera.exe (PID: 11220)
      • aswidsagent.exe (PID: 12052)
      • AvastUI.exe (PID: 12452)
    • Hides errors and continues executing the command without stopping

      • powershell.exe (PID: 3464)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 1688)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 1688)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 2140)
      • powershell.exe (PID: 3464)
    • Uses base64 encoding (POWERSHELL)

      • powershell.exe (PID: 2140)
    • Writes data into a file (POWERSHELL)

      • powershell.exe (PID: 2140)
    • Creates scheduled task with highest privileges

      • schtasks.exe (PID: 6472)
    • Adds exclusion path to Windows Defender (POWERSHELL)

      • cmd.exe (PID: 1688)
      • ExLoader_Installer.exe (PID: 4516)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 1688)
      • ExLoader_Installer.exe (PID: 4516)
    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 1688)
    • The process drops C-runtime libraries

      • Enigma.exe (PID: 7340)
      • ExLoader_Installer.exe (PID: 4516)
      • icarus.exe (PID: 10080)
    • The process executes via Task Scheduler

      • SEMgrSvc.exe (PID: 8692)
      • opera_autoupdate.exe (PID: 8916)
    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 7228)
    • Checks for external IP

      • svchost.exe (PID: 2292)
      • ExLoader_Installer.exe (PID: 4516)
      • avast_free_antivirus_setup_online.exe (PID: 9304)
      • AvEmUpdate.exe (PID: 7532)
      • aswToolsSvc.exe (PID: 6084)
      • AvastSvc.exe (PID: 9708)
    • Reads the Windows owner or organization settings

      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • understandingslight.exe (PID: 2708)
    • Application launched itself

      • installer.exe (PID: 9340)
      • installer.exe (PID: 9580)
      • assistant_installer.exe (PID: 2912)
      • installer.exe (PID: 9556)
      • assistant_installer.exe (PID: 9780)
      • assistant_installer.exe (PID: 6316)
      • browser_assistant.exe (PID: 8260)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 11096)
      • opera.exe (PID: 11220)
      • installer.exe (PID: 1488)
      • opera_autoupdate.exe (PID: 10408)
      • opera_autoupdate.exe (PID: 8916)
      • AvastUI.exe (PID: 12452)
    • Starts itself from another location

      • installer.exe (PID: 9340)
      • icarus.exe (PID: 9844)
      • assistant_installer.exe (PID: 9780)
      • ExLoader.exe (PID: 8628)
    • The process verifies whether the antivirus software is installed

      • icarus.exe (PID: 10080)
      • icarus.exe (PID: 10072)
      • SetupInf.exe (PID: 8940)
      • AvEmUpdate.exe (PID: 10216)
      • engsup.exe (PID: 2820)
      • RegSvr.exe (PID: 7344)
      • RegSvr.exe (PID: 11072)
      • AvEmUpdate.exe (PID: 7532)
      • SetupInf.exe (PID: 3552)
      • wsc_proxy.exe (PID: 10944)
      • wsc_proxy.exe (PID: 10128)
      • aswToolsSvc.exe (PID: 6084)
      • AvastSvc.exe (PID: 9708)
      • afwServ.exe (PID: 2228)
      • aswEngSrv.exe (PID: 6484)
      • AvastNM.exe (PID: 11992)
      • aswidsagent.exe (PID: 12052)
      • AvastUI.exe (PID: 12452)
      • icarus.exe (PID: 12320)
      • engsup.exe (PID: 12664)
      • icarus.exe (PID: 9844)
      • overseer.exe (PID: 12164)
      • AvastUI.exe (PID: 12320)
      • AvastUI.exe (PID: 7512)
      • AvastUI.exe (PID: 10072)
      • AvastUI.exe (PID: 12804)
      • AvastUI.exe (PID: 9440)
      • AvastUI.exe (PID: 12780)
      • AvastUI.exe (PID: 9912)
      • AvastUI.exe (PID: 13720)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 10080)
    • Searches for installed software

      • installer.exe (PID: 9556)
      • browser_assistant.exe (PID: 8260)
      • AvastSvc.exe (PID: 9708)
    • Possible stealing from browsers

      • opera_crashreporter.exe (PID: 9736)
      • opera_crashreporter.exe (PID: 6704)
      • opera.exe (PID: 8024)
      • opera_crashreporter.exe (PID: 7696)
      • opera_crashreporter.exe (PID: 1836)
      • opera_crashreporter.exe (PID: 10268)
      • browser_assistant.exe (PID: 3168)
      • opera_crashreporter.exe (PID: 10508)
      • browser_assistant.exe (PID: 8260)
      • opera.exe (PID: 11220)
      • AvastSvc.exe (PID: 9708)
      • aswEngSrv.exe (PID: 6484)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 11220)
    • Drops a system driver (possible attempt to evade defenses)

      • icarus.exe (PID: 10080)
    • Potential Corporate Privacy Violation

      • avast_free_antivirus_setup_online.exe (PID: 9304)
    • Using the short paths format

      • engsup.exe (PID: 2820)
      • SetupInf.exe (PID: 8940)
    • Creates or modifies Windows services

      • icarus.exe (PID: 10080)
    • Creates/Modifies COM task schedule object

      • icarus.exe (PID: 10080)
      • RegSvr.exe (PID: 7344)
      • RegSvr.exe (PID: 11072)
    • Process checks presence of unattended files

      • icarus.exe (PID: 10080)
    • Creates files in the driver directory

      • icarus.exe (PID: 10080)
    • Executes as Windows Service

      • wsc_proxy.exe (PID: 10128)
      • AvastSvc.exe (PID: 9708)
      • afwServ.exe (PID: 2228)
      • aswToolsSvc.exe (PID: 6084)
      • aswidsagent.exe (PID: 12052)
    • Modifies hosts file to alter network resolution

      • AvastSvc.exe (PID: 9708)
    • Adds/modifies Windows certificates

      • AvastSvc.exe (PID: 9708)
    • Read startup parameters

      • aswidsagent.exe (PID: 12052)
      • AvastSvc.exe (PID: 9708)
    • Checks for Java to be installed

      • AvastSvc.exe (PID: 9708)
    • Reads Microsoft Outlook installation path

      • AvastSvc.exe (PID: 9708)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 3644)
      • identity_helper.exe (PID: 1944)
      • EnigmaTech-v2.exe (PID: 5500)
      • SEMgrSvc.exe (PID: 8692)
      • Enigma.exe (PID: 7340)
      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • OperaSetup.exe (PID: 8356)
      • avast_free_antivirus_setup_online.exe (PID: 9304)
      • installer.exe (PID: 9368)
      • installer.exe (PID: 9340)
      • avast_free_antivirus_online_setup.exe (PID: 9544)
      • installer.exe (PID: 9440)
      • installer.exe (PID: 9580)
      • installer.exe (PID: 9628)
      • icarus.exe (PID: 9844)
      • icarus.exe (PID: 10072)
      • Assistant_128.0.5807.52_Setup.exe_sfx.exe (PID: 3536)
      • assistant_installer.exe (PID: 2912)
      • icarus.exe (PID: 10080)
      • assistant_installer.exe (PID: 9200)
      • installer.exe (PID: 9760)
      • installer.exe (PID: 9556)
      • assistant_installer.exe (PID: 9780)
      • assistant_installer.exe (PID: 756)
      • assistant_installer.exe (PID: 6316)
      • assistant_installer.exe (PID: 7308)
      • browser_assistant.exe (PID: 8260)
      • opera.exe (PID: 8064)
      • opera.exe (PID: 8024)
      • opera_crashreporter.exe (PID: 9736)
      • opera_crashreporter.exe (PID: 6704)
      • opera.exe (PID: 10212)
      • browser_assistant.exe (PID: 3168)
      • opera_crashreporter.exe (PID: 7696)
      • opera.exe (PID: 4136)
      • opera.exe (PID: 3628)
      • opera.exe (PID: 9812)
      • opera.exe (PID: 10016)
      • opera_crashreporter.exe (PID: 1836)
      • opera.exe (PID: 10236)
      • opera.exe (PID: 6928)
      • opera.exe (PID: 5204)
      • opera.exe (PID: 9300)
      • opera_crashreporter.exe (PID: 10268)
      • opera.exe (PID: 10324)
      • opera.exe (PID: 10444)
      • opera.exe (PID: 10276)
      • opera_crashreporter.exe (PID: 10508)
      • opera.exe (PID: 10316)
      • opera_crashreporter.exe (PID: 11116)
      • opera.exe (PID: 11004)
      • opera.exe (PID: 11096)
      • opera.exe (PID: 10544)
      • opera.exe (PID: 10604)
      • opera.exe (PID: 10712)
      • opera.exe (PID: 10800)
      • opera.exe (PID: 11220)
      • opera_crashreporter.exe (PID: 9588)
      • opera.exe (PID: 10852)
      • opera.exe (PID: 10328)
      • opera.exe (PID: 10416)
      • opera.exe (PID: 10736)
      • opera.exe (PID: 10752)
      • understandingslight.exe (PID: 2708)
      • opera.exe (PID: 10868)
      • opera.exe (PID: 10844)
      • opera_gx_splash.exe (PID: 10408)
      • opera.exe (PID: 11240)
      • opera.exe (PID: 9684)
      • opera.exe (PID: 9496)
      • opera.exe (PID: 9616)
      • opera.exe (PID: 9640)
      • opera.exe (PID: 11116)
      • opera.exe (PID: 8968)
      • opera.exe (PID: 6956)
      • opera.exe (PID: 11128)
      • opera.exe (PID: 7728)
      • opera.exe (PID: 4700)
      • opera.exe (PID: 9576)
      • opera.exe (PID: 3544)
      • opera.exe (PID: 10312)
      • opera.exe (PID: 8692)
      • opera.exe (PID: 9344)
      • opera.exe (PID: 4272)
      • opera.exe (PID: 3404)
      • opera.exe (PID: 9488)
      • opera.exe (PID: 7028)
      • opera.exe (PID: 6224)
      • opera.exe (PID: 11076)
      • opera.exe (PID: 5896)
      • opera.exe (PID: 8152)
      • opera.exe (PID: 8184)
      • opera.exe (PID: 9464)
      • installer.exe (PID: 1488)
      • opera.exe (PID: 5736)
      • opera.exe (PID: 9724)
      • opera.exe (PID: 9168)
      • installer.exe (PID: 10444)
      • opera.exe (PID: 11156)
      • opera_autoupdate.exe (PID: 8916)
      • opera_autoupdate.exe (PID: 10408)
      • opera_autoupdate.exe (PID: 10132)
      • opera_autoupdate.exe (PID: 10948)
      • opera.exe (PID: 8472)
      • opera.exe (PID: 10452)
      • opera.exe (PID: 8676)
      • opera.exe (PID: 10848)
      • opera.exe (PID: 9432)
      • opera.exe (PID: 1344)
      • opera.exe (PID: 9484)
      • opera.exe (PID: 10468)
      • opera.exe (PID: 8472)
      • opera.exe (PID: 4700)
      • opera.exe (PID: 10864)
      • opera.exe (PID: 7180)
      • installer.exe (PID: 8428)
      • opera.exe (PID: 9976)
      • opera.exe (PID: 5700)
      • engsup.exe (PID: 2820)
      • opera.exe (PID: 2896)
      • SetupInf.exe (PID: 8940)
      • AvEmUpdate.exe (PID: 10216)
      • opera.exe (PID: 10112)
      • opera.exe (PID: 1136)
      • RegSvr.exe (PID: 7344)
      • RegSvr.exe (PID: 11072)
      • AvEmUpdate.exe (PID: 7532)
      • SetupInf.exe (PID: 3552)
      • wsc_proxy.exe (PID: 10944)
      • wsc_proxy.exe (PID: 10128)
      • afwServ.exe (PID: 2228)
      • aswToolsSvc.exe (PID: 6084)
      • AvastSvc.exe (PID: 9708)
      • aswEngSrv.exe (PID: 6484)
      • AvastNM.exe (PID: 11992)
      • aswidsagent.exe (PID: 12052)
      • overseer.exe (PID: 12164)
      • icarus.exe (PID: 12320)
      • AvastUI.exe (PID: 12452)
      • engsup.exe (PID: 12664)
      • icarus.exe (PID: 12780)
      • aswOfferTool.exe (PID: 13168)
      • icarus.exe (PID: 13212)
      • opera.exe (PID: 13308)
      • AvastUI.exe (PID: 12320)
      • AvastUI.exe (PID: 7512)
      • AvastUI.exe (PID: 12804)
      • AvastUI.exe (PID: 9440)
      • AvastUI.exe (PID: 9912)
      • AvastUI.exe (PID: 12780)
      • AvastUI.exe (PID: 10072)
      • AvastUI.exe (PID: 13720)
    • Reads the computer name

      • identity_helper.exe (PID: 3644)
      • identity_helper.exe (PID: 1944)
      • EnigmaTech-v2.exe (PID: 5500)
      • Enigma.exe (PID: 7340)
      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • avast_free_antivirus_setup_online.exe (PID: 9304)
      • installer.exe (PID: 9340)
      • avast_free_antivirus_online_setup.exe (PID: 9544)
      • icarus.exe (PID: 9844)
      • installer.exe (PID: 9580)
      • icarus.exe (PID: 10080)
      • icarus.exe (PID: 10072)
      • assistant_installer.exe (PID: 2912)
      • installer.exe (PID: 9556)
      • assistant_installer.exe (PID: 9780)
      • assistant_installer.exe (PID: 6316)
      • opera.exe (PID: 8064)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 10212)
      • opera.exe (PID: 3628)
      • browser_assistant.exe (PID: 8260)
      • opera.exe (PID: 4136)
      • opera.exe (PID: 9812)
      • opera.exe (PID: 6928)
      • opera.exe (PID: 10276)
      • opera.exe (PID: 10444)
      • opera.exe (PID: 11096)
      • opera.exe (PID: 11220)
      • opera.exe (PID: 10544)
      • opera.exe (PID: 10604)
      • understandingslight.exe (PID: 2708)
      • opera_gx_splash.exe (PID: 10408)
      • opera.exe (PID: 8184)
      • installer.exe (PID: 1488)
      • opera_autoupdate.exe (PID: 10408)
      • opera_autoupdate.exe (PID: 8916)
      • opera_autoupdate.exe (PID: 10132)
      • opera_autoupdate.exe (PID: 10948)
      • SetupInf.exe (PID: 8940)
      • AvEmUpdate.exe (PID: 10216)
      • AvEmUpdate.exe (PID: 7532)
      • RegSvr.exe (PID: 7344)
      • RegSvr.exe (PID: 11072)
      • SetupInf.exe (PID: 3552)
      • wsc_proxy.exe (PID: 10944)
      • wsc_proxy.exe (PID: 10128)
      • AvastSvc.exe (PID: 9708)
      • afwServ.exe (PID: 2228)
      • aswToolsSvc.exe (PID: 6084)
      • aswidsagent.exe (PID: 12052)
      • icarus.exe (PID: 12320)
      • AvastUI.exe (PID: 12452)
      • engsup.exe (PID: 12664)
      • icarus.exe (PID: 12780)
      • overseer.exe (PID: 12164)
      • aswOfferTool.exe (PID: 13168)
      • icarus.exe (PID: 13212)
      • opera.exe (PID: 13308)
      • AvastUI.exe (PID: 12320)
      • AvastUI.exe (PID: 7512)
      • AvastUI.exe (PID: 9440)
      • AvastUI.exe (PID: 12804)
      • AvastUI.exe (PID: 12780)
      • AvastUI.exe (PID: 10072)
      • AvastUI.exe (PID: 9912)
      • AvastUI.exe (PID: 13720)
    • Manual execution by a user

      • firefox.exe (PID: 2252)
      • notepad.exe (PID: 7712)
      • AvastUI.exe (PID: 12452)
    • Application launched itself

      • msedge.exe (PID: 8392)
      • firefox.exe (PID: 2252)
      • firefox.exe (PID: 8168)
    • Reads Environment values

      • identity_helper.exe (PID: 1944)
      • identity_helper.exe (PID: 3644)
      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • icarus.exe (PID: 10080)
      • understandingslight.exe (PID: 2708)
      • AvEmUpdate.exe (PID: 10216)
      • AvEmUpdate.exe (PID: 7532)
      • afwServ.exe (PID: 2228)
      • AvastSvc.exe (PID: 9708)
      • aswToolsSvc.exe (PID: 6084)
      • aswidsagent.exe (PID: 12052)
      • AvastUI.exe (PID: 12452)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 8392)
      • firefox.exe (PID: 8168)
    • Process checks computer location settings

      • EnigmaTech-v2.exe (PID: 5500)
      • Enigma.exe (PID: 7340)
      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 10236)
      • opera.exe (PID: 5204)
      • opera.exe (PID: 10316)
      • opera.exe (PID: 11220)
      • opera.exe (PID: 10328)
      • understandingslight.exe (PID: 2708)
      • opera.exe (PID: 9684)
      • opera.exe (PID: 11240)
      • opera.exe (PID: 9496)
      • opera.exe (PID: 9616)
      • opera.exe (PID: 9640)
      • opera.exe (PID: 4272)
      • opera.exe (PID: 9464)
      • opera.exe (PID: 11156)
      • opera.exe (PID: 9168)
      • opera.exe (PID: 8676)
      • opera.exe (PID: 8472)
      • opera.exe (PID: 7180)
      • opera.exe (PID: 9976)
      • opera.exe (PID: 10864)
      • aswToolsSvc.exe (PID: 6084)
      • AvastUI.exe (PID: 12452)
      • AvastUI.exe (PID: 12780)
      • AvastUI.exe (PID: 12804)
      • AvastUI.exe (PID: 9912)
      • AvastUI.exe (PID: 10072)
      • AvastUI.exe (PID: 13720)
    • Create files in a temporary directory

      • EnigmaTech-v2.exe (PID: 5500)
      • Enigma.exe (PID: 7340)
      • powershell.exe (PID: 6944)
      • ExLoader_Installer.exe (PID: 4516)
      • OperaSetup.exe (PID: 8356)
      • installer.exe (PID: 9340)
      • avast_free_antivirus_online_setup.exe (PID: 9544)
      • Assistant_128.0.5807.52_Setup.exe_sfx.exe (PID: 3536)
      • installer.exe (PID: 9556)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 11220)
      • understandingslight.exe (PID: 2708)
      • opera_autoupdate.exe (PID: 8916)
      • engsup.exe (PID: 12664)
      • AvastUI.exe (PID: 12452)
    • Reads Microsoft Office registry keys

      • EnigmaTech-v2.exe (PID: 5500)
    • Reads security settings of Internet Explorer

      • EnigmaTech-v2.exe (PID: 5500)
      • Enigma.exe (PID: 7340)
      • powershell.exe (PID: 6944)
      • installer.exe (PID: 9340)
      • installer.exe (PID: 9556)
      • browser_assistant.exe (PID: 8260)
      • AvastSvc.exe (PID: 9708)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 3464)
      • powershell.exe (PID: 1684)
      • powershell.exe (PID: 7296)
      • powershell.exe (PID: 8184)
    • Disables trace logs

      • powershell.exe (PID: 2140)
    • Creates files in the program directory

      • powershell.exe (PID: 2140)
      • ExLoader_Installer.exe (PID: 4516)
      • avast_free_antivirus_online_setup.exe (PID: 9544)
      • icarus.exe (PID: 9844)
      • icarus.exe (PID: 10080)
      • ExLoader.exe (PID: 8628)
      • icarus.exe (PID: 10072)
      • engsup.exe (PID: 2820)
      • AvEmUpdate.exe (PID: 7532)
      • AvEmUpdate.exe (PID: 10216)
      • wsc_proxy.exe (PID: 10944)
      • afwServ.exe (PID: 2228)
      • aswToolsSvc.exe (PID: 6084)
      • AvastSvc.exe (PID: 9708)
      • AvastNM.exe (PID: 11992)
      • aswidsagent.exe (PID: 12052)
      • AvastUI.exe (PID: 12452)
      • engsup.exe (PID: 12664)
      • aswOfferTool.exe (PID: 13168)
    • Launching a file from Task Scheduler

      • cmd.exe (PID: 1688)
    • The sample compiled with english language support

      • Enigma.exe (PID: 7340)
      • firefox.exe (PID: 8168)
      • ExLoader_Installer.exe (PID: 4516)
      • OperaSetup.exe (PID: 8356)
      • installer.exe (PID: 9340)
      • avast_free_antivirus_setup_online.exe (PID: 9304)
      • avast_free_antivirus_online_setup.exe (PID: 9544)
      • icarus.exe (PID: 9844)
      • icarus.exe (PID: 10080)
      • Assistant_128.0.5807.52_Setup.exe_sfx.exe (PID: 3536)
      • installer.exe (PID: 9580)
      • installer.exe (PID: 9556)
      • assistant_installer.exe (PID: 9780)
      • ExLoader.exe (PID: 8628)
      • opera_autoupdate.exe (PID: 8916)
      • icarus.exe (PID: 10072)
      • AvastSvc.exe (PID: 9708)
      • aswOfferTool.exe (PID: 13168)
    • There is functionality for taking screenshot (YARA)

      • EnigmaTech-v2.exe (PID: 5500)
      • Enigma.exe (PID: 7340)
    • Reads product name

      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • understandingslight.exe (PID: 2708)
      • aswidsagent.exe (PID: 12052)
    • Creates files or folders in the user directory

      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • installer.exe (PID: 9368)
      • installer.exe (PID: 9340)
      • installer.exe (PID: 9580)
      • installer.exe (PID: 9556)
      • assistant_installer.exe (PID: 9780)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 4136)
      • opera.exe (PID: 11096)
      • opera.exe (PID: 11220)
      • understandingslight.exe (PID: 2708)
      • opera.exe (PID: 10604)
      • browser_assistant.exe (PID: 8260)
      • opera_autoupdate.exe (PID: 10132)
      • opera_autoupdate.exe (PID: 10408)
      • opera_autoupdate.exe (PID: 8916)
      • opera.exe (PID: 13308)
      • AvastUI.exe (PID: 12452)
      • AvastUI.exe (PID: 7512)
    • Reads Windows Product ID

      • ExLoader_Installer.exe (PID: 4516)
      • ExLoader.exe (PID: 8628)
      • understandingslight.exe (PID: 2708)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 1684)
      • powershell.exe (PID: 7296)
      • powershell.exe (PID: 8184)
    • Reads the machine GUID from the registry

      • avast_free_antivirus_setup_online.exe (PID: 9304)
      • avast_free_antivirus_online_setup.exe (PID: 9544)
      • installer.exe (PID: 9340)
      • icarus.exe (PID: 9844)
      • icarus.exe (PID: 10072)
      • icarus.exe (PID: 10080)
      • installer.exe (PID: 9556)
      • opera.exe (PID: 8024)
      • browser_assistant.exe (PID: 8260)
      • opera.exe (PID: 11220)
      • opera_autoupdate.exe (PID: 8916)
      • opera_autoupdate.exe (PID: 10132)
      • opera_autoupdate.exe (PID: 10948)
      • opera_autoupdate.exe (PID: 10408)
      • wsc_proxy.exe (PID: 10944)
      • afwServ.exe (PID: 2228)
      • aswToolsSvc.exe (PID: 6084)
      • AvastSvc.exe (PID: 9708)
      • icarus.exe (PID: 12320)
      • aswidsagent.exe (PID: 12052)
      • AvastUI.exe (PID: 12452)
      • icarus.exe (PID: 12780)
      • overseer.exe (PID: 12164)
      • icarus.exe (PID: 13212)
      • opera.exe (PID: 13308)
    • Reads CPU info

      • icarus.exe (PID: 9844)
      • icarus.exe (PID: 10072)
      • icarus.exe (PID: 10080)
      • opera.exe (PID: 11220)
      • engsup.exe (PID: 2820)
      • SetupInf.exe (PID: 8940)
      • AvEmUpdate.exe (PID: 10216)
      • AvEmUpdate.exe (PID: 7532)
      • RegSvr.exe (PID: 7344)
      • RegSvr.exe (PID: 11072)
      • SetupInf.exe (PID: 3552)
      • wsc_proxy.exe (PID: 10944)
      • wsc_proxy.exe (PID: 10128)
      • AvastSvc.exe (PID: 9708)
      • afwServ.exe (PID: 2228)
      • aswToolsSvc.exe (PID: 6084)
      • aswEngSrv.exe (PID: 6484)
      • AvastNM.exe (PID: 11992)
      • aswidsagent.exe (PID: 12052)
      • icarus.exe (PID: 12320)
      • AvastUI.exe (PID: 12452)
      • engsup.exe (PID: 12664)
      • icarus.exe (PID: 12780)
      • icarus.exe (PID: 13212)
      • AvastUI.exe (PID: 12320)
      • AvastUI.exe (PID: 7512)
      • AvastUI.exe (PID: 12804)
      • AvastUI.exe (PID: 9440)
      • AvastUI.exe (PID: 12780)
      • AvastUI.exe (PID: 10072)
      • AvastUI.exe (PID: 9912)
      • AvastUI.exe (PID: 13720)
    • The sample compiled with czech language support

      • icarus.exe (PID: 10080)
    • Launching a file from a Registry key

      • assistant_installer.exe (PID: 9780)
      • opera.exe (PID: 8024)
      • opera.exe (PID: 11220)
      • icarus.exe (PID: 10080)
    • Creates a software uninstall entry

      • installer.exe (PID: 9556)
      • icarus.exe (PID: 10080)
    • OPERA mutex has been found

      • opera.exe (PID: 8024)
      • browser_assistant.exe (PID: 8260)
      • opera.exe (PID: 11220)
      • opera_autoupdate.exe (PID: 10408)
      • opera_autoupdate.exe (PID: 8916)
    • Reads the time zone

      • aswidsagent.exe (PID: 12052)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • aswidsagent.exe (PID: 12052)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 394
Monitored processes: 231
Malicious processes: 43
Suspicious processes: 32

Behavior graph

[Process behavior graph; the interactive view is available in the full report.]
specs wsc_proxy.exe no specs wsc_proxy.exe no specs avastsvc.exe afwserv.exe no specs aswtoolssvc.exe aswengsrv.exe avastnm.exe no specs aswidsagent.exe no specs overseer.exe wpr.exe no specs icarus.exe conhost.exe no specs avastui.exe engsup.exe unsecapp.exe no specs icarus.exe aswoffertool.exe icarus.exe opera.exe no specs avastui.exe avastui.exe no specs avastui.exe avastui.exe no specs avastui.exe no specs avastui.exe no specs avastui.exe no specs msedge.exe no specs avastui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 748
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6464,i,17015518224050843556,5006613905136745712,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 756
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\6789a7c7-1d1e-48a0-81ed-8aaee5ba6c4a Opera Installer Temp\opera_package_202603140304101\assistant\assistant_installer.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=128.0.5807.52 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x1259dc0,0x1259dcc,0x1259dd8
Path: C:\Users\admin\AppData\Local\Temp\.opera\6789a7c7-1d1e-48a0-81ed-8aaee5ba6c4a Opera Installer Temp\opera_package_202603140304101\assistant\assistant_installer.exe
Parent process: assistant_installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Browser Assistant Installer
Exit code:
0
Version:
128.0.5807.52
Modules
Images
c:\users\admin\appdata\local\temp\.opera\6789a7c7-1d1e-48a0-81ed-8aaee5ba6c4a opera installer temp\opera_package_202603140304101\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1044
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2208,i,17015518224050843556,5006613905136745712,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1084
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6848,i,17015518224050843556,5006613905136745712,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1136
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-intent=on --with-feature:address-bar-intent-competitors=on --with-feature:address-bar-intent-internal-matching=on --with-feature:address-bar-intent-server-switch=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amp-requests-stats=on --with-feature:audio-analysis=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:domain-suggestions-with-misspells=on --with-feature:early-bird=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:installer-use-mojo-in-au=on --with-feature:keywords-from-backend=on --with-feature:opera-one-unskippable-introduction=on --with-feature:opera-startpage-special-2=on --with-feature:platform-software-h264-encoder-in-gpu=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-content=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:translator=on --with-feature:vpn-pro-v4-support=on --metrics-shmem-handle=5272,i,9358843791839218649,3020259452676301591,524288 --field-trial-handle=2040,i,18123382604777741316,10328992774122811180,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor,PermissionElement,PlatformSoftwareH264EncoderInGpu --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,SkiaGraphite,SyncWorkspacesInSessions --variations-seed-version --trace-process-track-uuid=3190709042534382434 --mojo-platform-channel-handle=5556 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Exit code:
0
Version:
128.0.5807.77
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\128.0.5807.77\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1340
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7388,i,17015518224050843556,5006613905136745712,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-intent=on --with-feature:address-bar-intent-competitors=on --with-feature:address-bar-intent-internal-matching=on --with-feature:address-bar-intent-server-switch=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amp-requests-stats=on --with-feature:audio-analysis=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:domain-suggestions-with-misspells=on --with-feature:early-bird=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:installer-use-mojo-in-au=on --with-feature:keywords-from-backend=on --with-feature:opera-one-unskippable-introduction=on --with-feature:opera-startpage-special-2=on --with-feature:platform-software-h264-encoder-in-gpu=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-content=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner=on --with-feature:translator=on --with-feature:vpn-pro-v4-support=on --metrics-shmem-handle=9868,i,4747664029765052273,6633109661993703734,524288 --field-trial-handle=2040,i,18123382604777741316,10328992774122811180,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor,PermissionElement,PlatformSoftwareH264EncoderInGpu --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,SkiaGraphite,SyncWorkspacesInSessions --variations-seed-version --trace-process-track-uuid=3190709033163963944 --mojo-platform-channel-handle=8712 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera Internet Browser
Exit code:
0
Version:
128.0.5807.77
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\128.0.5807.77\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1488
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\128.0.5807.77\installer.exe" --fix-taskbar-pins
Path: C:\Users\admin\AppData\Local\Programs\Opera\128.0.5807.77\installer.exe
Parent process: opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Exit code:
0
Version:
128.0.5807.77
Modules
Images
c:\users\admin\appdata\local\programs\opera\128.0.5807.77\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1684
CMD: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command Add-MpPreference -ExclusionPath "\"C:\Program Files\ExLoader\""
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: ExLoader_Installer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1688
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\RarSFX0\MSY.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: wscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
Total events
234 860
Read events
233 130
Write events
1 590
Delete events
140

Modification events

(PID) Process: (5500) EnigmaTech-v2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vbs\OpenWithProgids
Operation: write
Name: VBSFile
Value:
(PID) Process: (1932) reg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths
Operation: write
Name: C:\ProgramData
Value: 0
(PID) Process: (7340) Enigma.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR SFX
Operation: write
Name: C%%Users%admin%AppData%Local%Temp
Value: C:\Users\admin\AppData\Local\Temp\RarSFX1
(PID) Process: (9340) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (9340) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (9340) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (9544) avast_free_antivirus_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 8C5CFDF4-AB05-4EB0-8EF6-7B4620DC2CF3
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABV2on6Qie0ug2MAN1gx+wAQAAAACAAAAAAAQZgAAAAEAACAAAAAhHL62DOBWVWiL2cNzNnjnr9jNDaa7LHt0g4t0vK2iGwAAAAAOgAAAAAIAACAAAADY/Vk5cTIJRiLFDcpu0/bgHWpdzlqOYdi5bhpxGEIDtlAAAABPweBhzcAylP0mPAJg5EhUbQ0D7GFcHEcgIe7a+7R0FRHkApM4oe6gD+K2TWWsZEFeHFrBoxE3tM/myqzBUtr1dwpCzwU5RFovm1JOzUj5nEAAAACYmCqDk1wlLrxTyconfZJcXP39tsEfgIu/nzNclOj8p9uB3Fug5fSAdtjSwAO4/+XDzryK4UQuxXKHsgPlb3+O
(PID) Process: (9544) avast_free_antivirus_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 5E1D6A55-0134-486E-A166-38C2E4919BB1
Value:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABV2on6Qie0ug2MAN1gx+wAQAAAACAAAAAAAQZgAAAAEAACAAAAAhHL62DOBWVWiL2cNzNnjnr9jNDaa7LHt0g4t0vK2iGwAAAAAOgAAAAAIAACAAAADY/Vk5cTIJRiLFDcpu0/bgHWpdzlqOYdi5bhpxGEIDtlAAAABPweBhzcAylP0mPAJg5EhUbQ0D7GFcHEcgIe7a+7R0FRHkApM4oe6gD+K2TWWsZEFeHFrBoxE3tM/myqzBUtr1dwpCzwU5RFovm1JOzUj5nEAAAACYmCqDk1wlLrxTyconfZJcXP39tsEfgIu/nzNclOj8p9uB3Fug5fSAdtjSwAO4/+XDzryK4UQuxXKHsgPlb3+O
(PID) Process: (9544) avast_free_antivirus_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
Operation: write
Name: 144807F0-DE37-4C62-9C05-EB4CC64A7A2F
Value: 4b344861-a6d5-4a47-a5f1-5039a18195d7
(PID) Process: (9544) avast_free_antivirus_online_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F
Operation: write
Name: 56C7A9DA-4B11-406A-8B1A-EFF157C294D6
Value: 4b344861-a6d5-4a47-a5f1-5039a18195d7
Executable files
835
Suspicious files
2 252
Text files
1 917
Unknown types
10

Dropped files

PID
Process
Filename
Type
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e52a2.TMP
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e52c1.TMP
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e52c1.TMP
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e52c1.TMP
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e52d1.TMP
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
PID: 8392
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
HTTP(S) requests
410
TCP/UDP connections
401
DNS requests
436
Threats
41

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1044 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:Eu6a7sSTnGErMwHPbRUA47AF1JZ57z4199695XsQYPg&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | text | 98 b | whitelisted
- | - | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D | US | binary | 958 b | whitelisted
1044 | msedge.exe | GET | 200 | 52.123.243.83:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0 | US | text | 4.55 Kb | whitelisted
1044 | msedge.exe | GET | 200 | 172.67.148.22:443 | https://enigmatechcheats.com/ | US | html | 451 Kb | unknown
1044 | msedge.exe | GET | 200 | 13.107.246.44:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | US | - | 82 b | whitelisted
1044 | msedge.exe | GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | US | text | 446 b | whitelisted
1044 | msedge.exe | GET | 200 | 172.67.148.22:443 | https://enigmatechcheats.com/assets/scriptv2.js | US | text | 20.7 Kb | unknown
1044 | msedge.exe | GET | 200 | 172.67.148.22:443 | https://enigmatechcheats.com/assets/i40PUpS8m9yVXYLfLu3tmAE9jg.png?width=225&height=225 | US | image | 1.34 Kb | unknown
1044 | msedge.exe | GET | 200 | 172.67.148.22:443 | https://enigmatechcheats.com/assets/9cS51ns3c7k44FDz7jUVGIoemA0.jpg?scale-down-to=2048&width=2912&height=1632 | US | image | 199 Kb | unknown
1044 | msedge.exe | GET | 200 | 172.67.148.22:443 | https://enigmatechcheats.com/assets/XvYZNyDD9ZPtC2DFfz1BkiLgHSg.jpg?width=1119&height=652 | US | image | 17.6 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
7544 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
8888 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5568 | SearchApp.exe | 2.16.204.141:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
5568 | SearchApp.exe | 23.210.252.238:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
- | - | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3412 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
1044 | msedge.exe | 52.123.243.83:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 51.124.78.146, 4.231.128.59, 51.104.136.2 | whitelisted
self.events.data.microsoft.com | 13.89.179.9, 20.189.173.4 | whitelisted
www.bing.com | 2.16.204.141, 2.16.204.161 | whitelisted
ocsp.digicert.com | 23.210.252.238, 2.17.190.73, 172.66.2.5, 162.159.142.9 | whitelisted
oneocsp.microsoft.com | 204.79.197.203 | whitelisted
google.com | 142.251.36.110 | whitelisted
client.wns.windows.com | 172.211.123.249 | whitelisted
edge.microsoft.com | 150.171.28.11, 150.171.27.11 | whitelisted
config.edge.skype.com | 52.123.243.83, 52.123.224.66, 52.123.243.214 | whitelisted
enigmatechcheats.com | 172.67.148.22, 104.21.71.191 | malicious

Threats

PID | Process | Class | Message
1044 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
1044 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
1044 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access release user assets on GitHub
1044 | msedge.exe | Potentially Bad Traffic | ET INFO PE EXE or DLL Windows file download HTTP
1044 | msedge.exe | Misc activity | ET INFO EXE - Served Attached HTTP
1044 | msedge.exe | Misc activity | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
2292 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
2292 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
2292 | svchost.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain (ipapi .co in DNS lookup)
2292 | svchost.exe | Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
Process | Message
installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe | [0314/030429.801:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:171] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\6789a7c7-1d1e-48a0-81ed-8aaee5ba6c4a Opera Installer Temp\opera_package_202603140304101\assistant\assistant_installer.exe" --version
installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe | [0314/030454.080:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:171] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\6789a7c7-1d1e-48a0-81ed-8aaee5ba6c4a Opera Installer Temp\opera_package_202603140304101\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
assistant_installer.exe | [0314/030454.173:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:312] Setting up the registry
assistant_installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe | [0314/030454.278:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:171] Running assistant installer with command line "C:\Users\admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0