Malware analysis https://www.mywatchseries.cyou Malicious activity

Add for printing

URL:	https://www.mywatchseries.cyou
Full analysis:	https://app.any.run/tasks/93b1d8ea-c151-4d20-ab0d-bee073fc1e4d
Verdict:	Malicious activity
Analysis date:	April 12, 2024, 11:56:55
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:	DF5A434C471168400CF78FCF2E975AF4
SHA1:	1685D2812DE55BA9BFB279E55AD8EE6A61256AF0
SHA256:	499E3CD0EB6E7189B7B374619F7141C8806E6264AC236BF7D6965F68AD01AD1F
SSDEEP:	3:N8DSL6NHxMLL:2OL6NRMv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 3000)
  - Opera_95.0.4635.90_Setup.exe (PID: 4080)
  - Opera_95.0.4635.90_Setup.exe (PID: 2560)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - Opera_95.0.4635.90_Setup.exe (PID: 4008)
  - assistant_package_sfx.exe (PID: 3504)
  - installer.exe (PID: 2588)
  - installer.exe (PID: 4040)
  - assistant_installer.exe (PID: 1384)
  - installer.exe (PID: 1840)
  - installer.exe (PID: 3236)
  - launcher.exe (PID: 2472)
  - installer.exe (PID: 4516)
  - installer.exe (PID: 5728)
  - opera_autoupdate.exe (PID: 4784)
- Actions looks like stealing of personal data
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 4080)
  - Opera_95.0.4635.90_Setup.exe (PID: 2560)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - assistant_installer.exe (PID: 3148)
  - installer.exe (PID: 2588)
  - Opera_95.0.4635.90_Setup.exe (PID: 4008)
  - assistant_installer.exe (PID: 2132)
  - installer.exe (PID: 4040)
  - assistant_installer.exe (PID: 1384)
  - assistant_installer.exe (PID: 2300)
  - assistant_installer.exe (PID: 3096)
  - browser_assistant.exe (PID: 2752)
  - assistant_installer.exe (PID: 1548)
  - browser_assistant.exe (PID: 2416)
  - installer.exe (PID: 1840)
  - installer.exe (PID: 3236)
  - assistant_installer.exe (PID: 2528)
  - assistant_installer.exe (PID: 3440)
  - opera.exe (PID: 2424)
  - opera_crashreporter.exe (PID: 752)
  - opera.exe (PID: 2612)
  - opera.exe (PID: 1288)
  - opera.exe (PID: 2536)
  - opera.exe (PID: 1496)
  - opera.exe (PID: 1608)
  - opera.exe (PID: 3856)
  - opera.exe (PID: 3516)
  - opera.exe (PID: 2360)
  - opera.exe (PID: 1168)
  - opera.exe (PID: 3668)
  - opera.exe (PID: 2512)
  - opera.exe (PID: 604)
  - opera.exe (PID: 1380)
  - opera.exe (PID: 3292)
  - opera.exe (PID: 3844)
  - opera.exe (PID: 3828)
  - opera.exe (PID: 764)
  - opera.exe (PID: 3128)
  - opera.exe (PID: 1056)
  - opera.exe (PID: 1784)
  - opera.exe (PID: 2500)
  - opera.exe (PID: 452)
  - opera.exe (PID: 2448)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 2328)
  - opera.exe (PID: 116)
  - opera.exe (PID: 1036)
  - opera.exe (PID: 3824)
  - opera.exe (PID: 2056)
  - opera.exe (PID: 2928)
  - opera.exe (PID: 3448)
  - opera_autoupdate.exe (PID: 3024)
  - opera.exe (PID: 3716)
  - opera.exe (PID: 2016)
  - opera.exe (PID: 3776)
  - opera.exe (PID: 3068)
  - opera.exe (PID: 2348)
  - opera.exe (PID: 2688)
  - opera.exe (PID: 1584)
  - opera.exe (PID: 3104)
  - opera.exe (PID: 3832)
  - opera.exe (PID: 2432)
  - opera.exe (PID: 3080)
  - opera.exe (PID: 4028)
  - opera_autoupdate.exe (PID: 4336)
  - opera.exe (PID: 4920)
  - opera.exe (PID: 3780)
  - opera.exe (PID: 4992)
  - opera.exe (PID: 5000)
  - opera.exe (PID: 5136)
  - opera.exe (PID: 5192)
  - opera.exe (PID: 5368)
  - opera.exe (PID: 5292)
  - opera.exe (PID: 5308)
  - opera.exe (PID: 5236)
  - opera.exe (PID: 5228)
  - opera.exe (PID: 5608)
  - opera.exe (PID: 5424)
  - opera.exe (PID: 5572)
  - opera.exe (PID: 5408)
  - opera.exe (PID: 5464)
  - opera.exe (PID: 5648)
  - opera.exe (PID: 5688)
  - opera.exe (PID: 4684)
  - opera.exe (PID: 4520)
  - opera.exe (PID: 3292)
  - opera.exe (PID: 4912)
  - opera.exe (PID: 4896)
  - opera.exe (PID: 2588)
  - opera.exe (PID: 2432)
  - opera.exe (PID: 5028)
  - opera.exe (PID: 3476)
  - opera.exe (PID: 4676)
  - opera.exe (PID: 2912)
  - opera.exe (PID: 4892)
  - opera.exe (PID: 5000)
- Changes the autorun value in the registry
  - assistant_installer.exe (PID: 1384)
  - opera.exe (PID: 3476)
SUSPICIOUS
- Executable content was dropped or overwritten
  - Opera_95.0.4635.90_Setup.exe (PID: 4080)
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 3000)
  - Opera_95.0.4635.90_Setup.exe (PID: 2560)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - Opera_95.0.4635.90_Setup.exe (PID: 4008)
  - assistant_package_sfx.exe (PID: 3504)
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - installer.exe (PID: 2588)
  - installer.exe (PID: 4040)
  - assistant_installer.exe (PID: 1384)
  - installer.exe (PID: 1840)
  - installer.exe (PID: 3236)
  - launcher.exe (PID: 2472)
  - installer.exe (PID: 4516)
  - opera_autoupdate.exe (PID: 4784)
  - installer.exe (PID: 5728)
- Application launched itself
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - installer.exe (PID: 2588)
  - assistant_installer.exe (PID: 2132)
  - assistant_installer.exe (PID: 1384)
  - assistant_installer.exe (PID: 3096)
  - browser_assistant.exe (PID: 2416)
  - installer.exe (PID: 1840)
  - assistant_installer.exe (PID: 3440)
  - opera.exe (PID: 3476)
  - opera_autoupdate.exe (PID: 3024)
  - opera_autoupdate.exe (PID: 4784)
- Cleans NTFS data stream (Zone Identifier)
  - msedge.exe (PID: 3936)
- Reads the Internet Settings
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - browser_assistant.exe (PID: 2416)
  - opera.exe (PID: 3476)
  - opera_autoupdate.exe (PID: 3024)
  - opera_autoupdate.exe (PID: 4784)
- Starts itself from another location
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
- Reads security settings of Internet Explorer
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - installer.exe (PID: 2588)
  - browser_assistant.exe (PID: 2416)
- Reads settings of System Certificates
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - installer.exe (PID: 2588)
  - browser_assistant.exe (PID: 2416)
  - opera.exe (PID: 3476)
- Checks Windows Trust Settings
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - installer.exe (PID: 2588)
  - browser_assistant.exe (PID: 2416)
- Creates a software uninstall entry
  - installer.exe (PID: 2588)
- Searches for installed software
  - installer.exe (PID: 2588)
- Reads the date of Windows installation
  - installer.exe (PID: 2588)
  - opera.exe (PID: 3476)
- Changes Internet Explorer settings (feature browser emulation)
  - assistant_installer.exe (PID: 1384)
- The process executes via Task Scheduler
  - launcher.exe (PID: 2472)
- Connects to unusual port
  - opera.exe (PID: 2612)
INFO
- Manual execution by a user
  - wmpnscfg.exe (PID: 2152)
  - assistant_installer.exe (PID: 3096)
- Drops the executable file immediately after the start
  - msedge.exe (PID: 3936)
- Checks supported languages
  - wmpnscfg.exe (PID: 2152)
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 4080)
  - Opera_95.0.4635.90_Setup.exe (PID: 3000)
  - Opera_95.0.4635.90_Setup.exe (PID: 2560)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - assistant_package_sfx.exe (PID: 3504)
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - Opera_95.0.4635.90_Setup.exe (PID: 4008)
  - assistant_installer.exe (PID: 3148)
  - installer.exe (PID: 2588)
  - installer.exe (PID: 4040)
  - assistant_installer.exe (PID: 2132)
  - assistant_installer.exe (PID: 1384)
  - assistant_installer.exe (PID: 2300)
  - assistant_installer.exe (PID: 3096)
  - launcher.exe (PID: 3180)
  - assistant_installer.exe (PID: 1548)
  - browser_assistant.exe (PID: 2416)
  - launcher.exe (PID: 3320)
  - launcher.exe (PID: 2032)
  - browser_assistant.exe (PID: 2752)
  - installer.exe (PID: 1840)
  - launcher.exe (PID: 1544)
  - launcher.exe (PID: 3444)
  - launcher.exe (PID: 2672)
  - opera.exe (PID: 3476)
  - installer.exe (PID: 3236)
  - assistant_installer.exe (PID: 3440)
  - assistant_installer.exe (PID: 2528)
  - opera.exe (PID: 2612)
  - opera.exe (PID: 2536)
  - opera_crashreporter.exe (PID: 752)
  - opera.exe (PID: 2424)
  - opera.exe (PID: 3856)
  - opera.exe (PID: 1496)
  - opera.exe (PID: 1608)
  - opera.exe (PID: 3516)
  - opera.exe (PID: 1168)
  - opera.exe (PID: 1288)
  - opera.exe (PID: 2360)
  - opera.exe (PID: 2448)
  - opera.exe (PID: 2328)
  - opera.exe (PID: 3780)
  - opera.exe (PID: 3824)
  - opera.exe (PID: 2652)
  - opera.exe (PID: 1832)
  - opera.exe (PID: 2512)
  - opera.exe (PID: 2056)
  - opera.exe (PID: 3128)
  - opera.exe (PID: 3292)
  - opera.exe (PID: 3844)
  - opera.exe (PID: 452)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 3080)
  - opera.exe (PID: 1036)
  - opera.exe (PID: 1056)
  - opera.exe (PID: 604)
  - opera.exe (PID: 3828)
  - opera.exe (PID: 2928)
  - opera.exe (PID: 2500)
  - opera.exe (PID: 3716)
  - opera.exe (PID: 1784)
  - opera.exe (PID: 116)
  - opera.exe (PID: 3448)
  - opera.exe (PID: 2016)
  - opera.exe (PID: 3832)
  - opera.exe (PID: 764)
  - opera.exe (PID: 3668)
  - opera.exe (PID: 2688)
  - opera.exe (PID: 3068)
  - opera.exe (PID: 2432)
  - opera.exe (PID: 1380)
  - opera.exe (PID: 3776)
  - opera.exe (PID: 4028)
  - opera.exe (PID: 3104)
  - opera.exe (PID: 1584)
  - opera.exe (PID: 2348)
  - opera_autoupdate.exe (PID: 3024)
  - launcher.exe (PID: 2472)
  - opera_autoupdate.exe (PID: 4336)
  - installer.exe (PID: 4516)
  - opera_autoupdate.exe (PID: 4784)
  - opera_autoupdate.exe (PID: 4804)
  - opera.exe (PID: 4920)
  - opera.exe (PID: 5136)
  - opera.exe (PID: 5192)
  - opera.exe (PID: 4992)
  - opera.exe (PID: 5000)
  - opera.exe (PID: 5308)
  - opera.exe (PID: 5292)
  - opera.exe (PID: 5368)
  - opera.exe (PID: 5408)
  - opera.exe (PID: 5228)
  - opera.exe (PID: 5236)
  - opera.exe (PID: 5464)
  - opera.exe (PID: 5608)
  - opera.exe (PID: 5424)
  - opera.exe (PID: 5572)
  - opera.exe (PID: 5688)
  - opera.exe (PID: 5648)
  - opera.exe (PID: 2432)
  - opera.exe (PID: 4676)
  - opera.exe (PID: 4520)
  - opera.exe (PID: 2912)
  - opera.exe (PID: 2588)
  - opera.exe (PID: 4896)
  - opera.exe (PID: 4912)
  - opera.exe (PID: 3292)
  - opera.exe (PID: 4892)
  - opera.exe (PID: 5028)
  - opera.exe (PID: 4684)
  - installer.exe (PID: 5728)
  - opera.exe (PID: 5000)
- Reads the computer name
  - wmpnscfg.exe (PID: 2152)
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - installer.exe (PID: 2588)
  - assistant_installer.exe (PID: 2132)
  - assistant_installer.exe (PID: 1384)
  - assistant_installer.exe (PID: 3096)
  - browser_assistant.exe (PID: 2416)
  - assistant_installer.exe (PID: 3440)
  - launcher.exe (PID: 2672)
  - installer.exe (PID: 1840)
  - opera.exe (PID: 2424)
  - opera.exe (PID: 2536)
  - opera.exe (PID: 3476)
  - opera.exe (PID: 1496)
  - opera.exe (PID: 1608)
  - opera.exe (PID: 2612)
  - opera.exe (PID: 3856)
  - opera.exe (PID: 1288)
  - opera.exe (PID: 2652)
  - opera.exe (PID: 2360)
  - opera.exe (PID: 2448)
  - opera.exe (PID: 1832)
  - opera.exe (PID: 3780)
  - opera.exe (PID: 3824)
  - opera.exe (PID: 1168)
  - opera.exe (PID: 3516)
  - opera.exe (PID: 2328)
  - opera.exe (PID: 3128)
  - opera.exe (PID: 2056)
  - opera.exe (PID: 3292)
  - opera.exe (PID: 1056)
  - opera.exe (PID: 2512)
  - opera.exe (PID: 3844)
  - opera.exe (PID: 604)
  - opera.exe (PID: 3828)
  - opera.exe (PID: 452)
  - opera.exe (PID: 3796)
  - opera.exe (PID: 3448)
  - opera.exe (PID: 1784)
  - opera.exe (PID: 2500)
  - opera.exe (PID: 3716)
  - opera.exe (PID: 3080)
  - opera.exe (PID: 1036)
  - opera.exe (PID: 2928)
  - opera.exe (PID: 116)
  - opera.exe (PID: 3832)
  - opera.exe (PID: 764)
  - opera.exe (PID: 3776)
  - opera.exe (PID: 3668)
  - opera.exe (PID: 2688)
  - opera.exe (PID: 1380)
  - opera.exe (PID: 2432)
  - opera.exe (PID: 2016)
  - opera.exe (PID: 1584)
  - opera.exe (PID: 2348)
  - opera.exe (PID: 4028)
  - opera.exe (PID: 3104)
  - opera.exe (PID: 3068)
  - opera_autoupdate.exe (PID: 3024)
  - opera.exe (PID: 4920)
  - opera_autoupdate.exe (PID: 4784)
  - opera.exe (PID: 5136)
  - opera.exe (PID: 5192)
  - opera.exe (PID: 4992)
  - opera.exe (PID: 5000)
  - opera.exe (PID: 5292)
  - opera.exe (PID: 5368)
  - opera.exe (PID: 5408)
  - opera.exe (PID: 5424)
  - opera.exe (PID: 5228)
  - opera.exe (PID: 5236)
  - opera.exe (PID: 5308)
  - opera.exe (PID: 5464)
  - opera.exe (PID: 5572)
  - opera.exe (PID: 5608)
  - opera.exe (PID: 4676)
  - opera.exe (PID: 2432)
  - opera.exe (PID: 2588)
  - opera.exe (PID: 2912)
  - opera.exe (PID: 3292)
  - opera.exe (PID: 5648)
  - opera.exe (PID: 4684)
  - opera.exe (PID: 4892)
  - opera.exe (PID: 4896)
  - opera.exe (PID: 4520)
  - opera.exe (PID: 5028)
  - opera.exe (PID: 4912)
  - opera.exe (PID: 5688)
  - opera.exe (PID: 5000)
- Executable content was dropped or overwritten
  - msedge.exe (PID: 3936)
- The process uses the downloaded file
  - msedge.exe (PID: 2836)
  - msedge.exe (PID: 3936)
  - msedge.exe (PID: 3840)
- Connects to unusual port
  - msedge.exe (PID: 3164)
- Create files in a temporary directory
  - Opera_95.0.4635.90_Setup.exe (PID: 4080)
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - Opera_95.0.4635.90_Setup.exe (PID: 3000)
  - Opera_95.0.4635.90_Setup.exe (PID: 2560)
  - Opera_95.0.4635.90_Setup.exe (PID: 332)
  - Opera_95.0.4635.90_Setup.exe (PID: 4008)
  - assistant_package_sfx.exe (PID: 3504)
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - installer.exe (PID: 4040)
  - installer.exe (PID: 2588)
  - installer.exe (PID: 3236)
  - installer.exe (PID: 1840)
  - opera.exe (PID: 3476)
  - launcher.exe (PID: 2472)
  - installer.exe (PID: 4516)
  - opera_autoupdate.exe (PID: 4804)
  - opera_autoupdate.exe (PID: 4784)
  - installer.exe (PID: 5728)
- Creates files or folders in the user directory
  - Opera_95.0.4635.90_Setup.exe (PID: 4080)
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - installer.exe (PID: 2588)
  - browser_assistant.exe (PID: 2416)
  - opera.exe (PID: 3476)
  - opera.exe (PID: 2612)
- Checks proxy server information
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - browser_assistant.exe (PID: 2416)
- Reads the software policy settings
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - installer.exe (PID: 2588)
  - browser_assistant.exe (PID: 2416)
- Reads the machine GUID from the registry
  - Opera_95.0.4635.90_Setup.exe (PID: 2936)
  - installer.exe (PID: 2588)
  - assistant_installer.exe (PID: 1384)
  - browser_assistant.exe (PID: 2416)
  - installer.exe (PID: 1840)
  - opera.exe (PID: 3476)
  - opera_autoupdate.exe (PID: 3024)
  - opera_autoupdate.exe (PID: 4336)
  - opera_autoupdate.exe (PID: 4784)
  - opera_autoupdate.exe (PID: 4804)
  - opera.exe (PID: 5136)
  - opera.exe (PID: 5000)
- Application launched itself
  - msedge.exe (PID: 3936)
- Creates files in the program directory
  - Opera_95.0.4635.90_Setup.exe (PID: 3772)
  - installer.exe (PID: 2588)
  - assistant_installer.exe (PID: 1384)
  - opera_autoupdate.exe (PID: 4784)
- Process checks computer location settings
  - opera.exe (PID: 3476)
  - opera.exe (PID: 2360)
  - opera.exe (PID: 604)
  - opera.exe (PID: 2512)
  - opera.exe (PID: 1056)
  - opera.exe (PID: 3844)
  - opera.exe (PID: 3828)
  - opera.exe (PID: 2056)
  - opera.exe (PID: 3824)
  - opera.exe (PID: 2328)
  - opera.exe (PID: 2448)
  - opera.exe (PID: 3780)
  - opera.exe (PID: 5464)
- Reads CPU info
  - opera.exe (PID: 3476)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

230

Monitored processes

185

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

116

"C:\Program Files\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=5992 --field-trial-handle=1156,i,7396179613548773581,13781110346699848130,131072 /prefetch:8

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

332

"C:\Users\admin\Downloads\Opera_95.0.4635.90_Setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2936 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240412125957" --session-guid=1b2a9537-4954-4e54-9b08-bf56d5d5764c --desktopshortcut=1 --wait-for-package --initial-proc-handle=4806000000000000

C:\Users\admin\Downloads\Opera_95.0.4635.90_Setup.exe

Opera_95.0.4635.90_Setup.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Installer

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\users\admin\downloads\opera_95.0.4635.90_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll

452

"C:\Program Files\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2364 --field-trial-handle=1156,i,7396179613548773581,13781110346699848130,131072 /prefetch:8

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

552

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3964 --field-trial-handle=1316,i,11491878259647414399,9320209265343758294,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

568

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4140 --field-trial-handle=1316,i,11491878259647414399,9320209265343758294,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

604

"C:\Program Files\Opera\opera.exe" --type=renderer --extension-process --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2172 --field-trial-handle=1156,i,7396179613548773581,13781110346699848130,131072 /prefetch:1

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

696

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 --field-trial-handle=1316,i,11491878259647414399,9320209265343758294,131072 /prefetch:2

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

752

"C:\Program Files\Opera\95.0.4635.90\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.90 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x19935990,0x199359a0,0x199359ac

C:\Program Files\Opera\95.0.4635.90\opera_crashreporter.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera crash-reporter

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\95.0.4635.90\opera_crashreporter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

764

"C:\Program Files\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:amazon-new-ids=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:extended-unstoppable-domains=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6268 --field-trial-handle=1156,i,7396179613548773581,13781110346699848130,131072 /prefetch:8

C:\Program Files\Opera\opera.exe

opera.exe

User:

admin

Company:

Opera Software

Integrity Level:

LOW

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.90

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\opera\95.0.4635.90\opera_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll

844

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4436 --field-trial-handle=1316,i,11491878259647414399,9320209265343758294,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

52 225

Read events

51 738

Write events

440

Delete events

Modification events


(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:	write	Name:	failed_count
Value: 0
(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 2
(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:	write	Name:	StatusCodes
Value:
(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:	write	Name:	StatusCodes
Value: 01000000
(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 1
(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	write	Name:	dr
Value: 1
(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation:	write	Name:	user_experience_metrics.stability.exited_cleanly
Value: 0
(PID) Process:	(3936) msedge.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation:	write	Name:	UsageStatsInSample
Value: 1
(PID) Process:	(3936) msedge.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	write	Name:	usagestats
Value: 1
(PID) Process:	(3936) msedge.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	write	Name:	urlstats
Value: 1

Add for printing

Executable files

Suspicious files

338

Text files

544

Unknown types

302

Dropped files

PID	Process	Filename		Type
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat		binary
		MD5:—	SHA256:—
1692	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma		binary
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variations		binary
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\cf7bcefc-1418-4b5b-b115-3ab4ed133f46.tmp		text
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF182333.TMP		text
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State		—
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version		text
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF1823b0.TMP		text
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old		text
		MD5:—	SHA256:—
3936	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1823cf.TMP		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

511

DNS requests

445

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2936	Opera_95.0.4635.90_Setup.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEAfyOr5A1UWlCmQhXhy%2Bwwk%3D	unknown	—	—	unknown
1080	svchost.exe	GET	200	2.16.100.168:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1b8fee253118cbef	unknown	—	—	unknown
2936	Opera_95.0.4635.90_Setup.exe	GET	304	173.222.108.147:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e7a01d75146102e1	unknown	—	—	unknown
3164	msedge.exe	GET	302	103.224.182.224:80	http://googs.com/	unknown	—	—	unknown
3164	msedge.exe	GET	—	103.224.182.206:80	http://pinsid.com/favicon.ico	unknown	—	—	unknown
2936	Opera_95.0.4635.90_Setup.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D	unknown	—	—	unknown
3164	msedge.exe	GET	302	103.224.182.206:80	http://pinsid.com/r.php?u=https%3A%2F%2Fadonsonlyd.xyz%2Fclick.php%3Fkey%3D3cdq1k8mfqcc09umlzp5%26cpv%3D0.081%26subid%3D1593352750%26kw%3D.de.02.desktop.nonadult.windows.edge%26tt%3Dtt&s=j&enc=1kgM2DLf9w%2B6tq3%2FRFJnkn49flRURmp1RHZOaTZGWVdyYlpIZ1JPd3g4MFZ3LzZ2b1BTQWJtU0RueUxYTzBPN1BPc0EyL2x1UkRJUkt2Q21SeVZPbEpPZTJaV2grV0VHQnBHcFQ4a0VtSjA2dkd0Z3luK3doaU9veG1RTE80bU5SZnZMdGE5bUM3d2xDY0dMOWYyVHBNOHUrazhmRDAyaFRyUmMvdWptN3J4aUFhWHdFZ3N6czVLREFqNTJEUUU2S2dGQ0luMkdQaWdwaEQxaG54QWIvOHYrSWtoUEpHc1ZZQU5xWkZ1MDJocHM5Q0NVeWJmL0VWOUh4aUlFQWF2RnViSlJVZVgvbHBtWTdIR1JVMHA2UkNxZXlsLzdGbzJXdHVuOHhDb25ZRFFUT0xHbUFueWtBTHpabzhaK1hvZ2RuaGNWSmNCRm9SMDR4cnFmUXFnMDJET3d2dVhWYVlPRmhpVjYzNE5YU2NYNW8zUVRjUlhwRVIwckFia3R2eUM3QnEwMEM5N0Z5VW5nS0I3Q0lmMFBCYlRzOXpVdE1YalVibTdQK1ptbWd0NE91eWorSlNtS2g1SHZLRUZ6VlBka05WcHlwVXZMNTh0ZGxwTWU4WlY5UzdvUmpxTnZIRU1tVHlWS3VZUGpJYjVpV0lMTDBnbG1INFpDbHZod0d4V1hDdEpLdjRBSk9qMmp4ODBvRjdjeGJYQytQRXcySzY1NkhGVzBnUElENStxbE5ZMlNlOUIxZ2dxSVdSdVQxeEhMb2ZCM1ZHeTJYcHhKR2gyNURvZ0pBZENIOG9iRERqYTA1M1hUVDlTSk9SMnlYTy9TOXlLOHY0VlhKa3FLUktRT1J6RU52YVZnbVZrZmJRd0N3MHY1OUs3ZmdrZ2JPdE5kTmEzYjlub2cxbFR5SFlMUFpSeGxYS3pJL1pFMGsySFRXcTBoa3hWRmNCM3FkNlN0QXpmMExhNUpNYU5NS1FqQytwWXNmZGQ3MTR5TmM0Y0lDOW9XS05DU3dVOUFRVnUwZDFZdjE4S1JMK0N4QnB1Y3VRMFNPK3VZQU0vVEFrNmpSbURHYWJyVS9uL0dzYk5WT1VjWTV4N0NoczhSUC9Ueml4ZXd2U3ViOWh6UHJuZ3Z3NUtRTTMya2I5eVdjUGtvb0pRR1hkZk50TXptUUozaDV6eWhWWWVsbS9wcmNFS25oK3hoU1pGSldVWjlzM3pNcHdVYUlBaHdrYWx2dzNyQU5aS0hBNnRGVGZVWE0xY3ppb1VKMTdaY0JaU1ZtRTdaT1JoU3NydFZwOWUva2NIdmtIMDhGbTJsczU3c0JuK21INzFQOXlvUi9ERFlDUEl1MFYzcHN2c3c4S2RhTWYrVnRyNTdJeG9IOVIrZ1hIdElGbjU%3D&vs=1280:564&ds=1280:720&sl=0:0&os=f&nos=f&if=f&sc=f&gpu=Google%20Inc.%20(Google)%20-%20ANGLE%20(Google,%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE)),%20SwiftShader%20driver)&fp=-1	unknown	—	—	unknown
3164	msedge.exe	GET	200	103.224.182.206:80	http://zajtpa.com/jscheck.php?enc=N6N2%2FQ0dSRqFeTNxwLMMIH49flR3NzVwS21FRnoybzREQ1UzckxEOTFSY1VCMWgrdG1OYXRPUDVpbytaTzhuWW5RU3BBc0tRMjF2eTZlRG9iaHFpMFdUT1hIZm5vZzFZYXl6LzFSR3ljRmR6UTJZaHZWZjhCc2tPWERXMXVFSUVROTNhV1l6R2l0d0lHcUgxR0FUSEM4alNDeVEyOWVTZFk4SXhlZ1ZMcGs1L1BYS0oxcDlQdUdPN2h3ZU4yc1c4eGRVVjg0cldHMGFvdTBnaWZ3VTcxbGNBeUt4RCtxcTd1eXFBdFRpVk5HV0thbXJUMzNiUGhyRFVJMVZleXExcVY3R3pSTXduUEp2NmoyMGlqYUFOY2czNDlzQVJnQ0RSd0h0b2gvUG80U2twbjZ4d0IvSjdmanY3U015NnlLcmExQ0sxWXJQa0dndDdDZEFUdGFwMjZPWHRvME1MZlJaYzVtbGQ2cW1RN3l3K2Q4VHN4S05keEVKZ0UySVRWeFQzdW5Cd21COHRIVUg1Yjh2bm40MUM4L2VEZkhTY29BRVRJN1hLekk2ZDNoWXErS1lhL0o3RXNXdWhxMmp5cEhZV3pYMHpBbGFGbUFsYU9veVJRcGlzRURZbEpRZ0lPS3Y1TXpuU3NMRDR1amROeUViVUFOcmpCcnl4ajZ6Z3U3YmtmUTBRSEM3TEYrNkRsbTdtU1lQQVE1MVF6amNIODY0UXVRc01ESjlONnd2eG4rQ3ExNlZhWWZoZ3dpMUE4eGtlMTJIOGM5Z25FVTBBUnJVdmE3U1FZMTRnYS84RmxGZGxxWUlZc3ZtRHhZc1MzcGkxUThDU1JjRWMwRWNsNTNWcHMyaXNsK0JXNkMwZzQ1Y1VncjRxblBsODRiczJTSFY5TmE1bFJCYzlhZTJ2M0ZJaVcrR3dYOU9QeU9WVzdKTkx3SlVqWGVHSWZNNTNma1ord3NQMWw5SDRKbWtFN21pOHZBbDNDMEt6d1V2ZlpjZE90WDdOMlZGVnJoSzcrZjVOeGNHMnNWWHllUUIyOEhqUzVybG0rVU0zQ0ZVOUxzRGEzS09MYjRQdmQ5aUtSZ1J1b24zWmc5WS9pTDNscXFKUFAzQkwzbWZFU0dJdDNFSmI3TGcvN2N6c3dKMmZGb0hwZm9WVG8rc2w0eUVQN1VobS9uWWRGVHVTaDdFdDQ4YXc1ZFlaa1dxQ1NSR0MrR0QzMGJPNXIrcWUzNjJoQUVnMlFDVGoxYXhVbXdWVVdsVjREMG9GdUFMbGorSWtmZG83cTVGU29hekF0RmVkODV6VUlMYQ%3D%3D&rand=0.6659490917105058&vs=1280:564&ds=1280:720&sl=0:0&os=f&nos=f&if=f&sc=f&gpu=Google%20Inc.%20(Google)%20-%20ANGLE%20(Google,%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE)),%20SwiftShader%20driver)&fp=-1	unknown	—	—	unknown
3164	msedge.exe	GET	302	103.224.182.206:80	http://zajtpa.com/r.php?u=https%3A%2F%2Folfek.org%2Frun.php%3Fcum%3D80svbivevujml%26c%3D0.081%26s1%3D.de.02.desktop.nonadult.windows.edge%26s2%3D1593352750&s=j&enc=N6N2%2FQ0dSRqFeTNxwLMMIH49flR3NzVwS21FRnoybzREQ1UzckxEOTFSY1VCMWgrdG1OYXRPUDVpbytaTzhuWW5RU3BBc0tRMjF2eTZlRG9iaHFpMFdUT1hIZm5vZzFZYXl6LzFSR3ljRmR6UTJZaHZWZjhCc2tPWERXMXVFSUVROTNhV1l6R2l0d0lHcUgxR0FUSEM4alNDeVEyOWVTZFk4SXhlZ1ZMcGs1L1BYS0oxcDlQdUdPN2h3ZU4yc1c4eGRVVjg0cldHMGFvdTBnaWZ3VTcxbGNBeUt4RCtxcTd1eXFBdFRpVk5HV0thbXJUMzNiUGhyRFVJMVZleXExcVY3R3pSTXduUEp2NmoyMGlqYUFOY2czNDlzQVJnQ0RSd0h0b2gvUG80U2twbjZ4d0IvSjdmanY3U015NnlLcmExQ0sxWXJQa0dndDdDZEFUdGFwMjZPWHRvME1MZlJaYzVtbGQ2cW1RN3l3K2Q4VHN4S05keEVKZ0UySVRWeFQzdW5Cd21COHRIVUg1Yjh2bm40MUM4L2VEZkhTY29BRVRJN1hLekk2ZDNoWXErS1lhL0o3RXNXdWhxMmp5cEhZV3pYMHpBbGFGbUFsYU9veVJRcGlzRURZbEpRZ0lPS3Y1TXpuU3NMRDR1amROeUViVUFOcmpCcnl4ajZ6Z3U3YmtmUTBRSEM3TEYrNkRsbTdtU1lQQVE1MVF6amNIODY0UXVRc01ESjlONnd2eG4rQ3ExNlZhWWZoZ3dpMUE4eGtlMTJIOGM5Z25FVTBBUnJVdmE3U1FZMTRnYS84RmxGZGxxWUlZc3ZtRHhZc1MzcGkxUThDU1JjRWMwRWNsNTNWcHMyaXNsK0JXNkMwZzQ1Y1VncjRxblBsODRiczJTSFY5TmE1bFJCYzlhZTJ2M0ZJaVcrR3dYOU9QeU9WVzdKTkx3SlVqWGVHSWZNNTNma1ord3NQMWw5SDRKbWtFN21pOHZBbDNDMEt6d1V2ZlpjZE90WDdOMlZGVnJoSzcrZjVOeGNHMnNWWHllUUIyOEhqUzVybG0rVU0zQ0ZVOUxzRGEzS09MYjRQdmQ5aUtSZ1J1b24zWmc5WS9pTDNscXFKUFAzQkwzbWZFU0dJdDNFSmI3TGcvN2N6c3dKMmZGb0hwZm9WVG8rc2w0eUVQN1VobS9uWWRGVHVTaDdFdDQ4YXc1ZFlaa1dxQ1NSR0MrR0QzMGJPNXIrcWUzNjJoQUVnMlFDVGoxYXhVbXdWVVdsVjREMG9GdUFMbGorSWtmZG83cTVGU29hekF0RmVkODV6VUlMYQ%3D%3D&vs=1280:564&ds=1280:720&sl=0:0&os=f&nos=f&if=f&sc=f&gpu=Google%20Inc.%20(Google)%20-%20ANGLE%20(Google,%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE)),%20SwiftShader%20driver)&fp=-1	unknown	—	—	unknown
1080	svchost.exe	GET	304	2.16.100.168:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e90c163b6659448e	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
—	—	224.0.0.252:5355	—	—	—	unknown
3936	msedge.exe	239.255.255.250:1900	—	—	—	unknown
3164	msedge.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
3164	msedge.exe	172.67.188.120:443	www.mywatchseries.cyou	—	—	unknown
3164	msedge.exe	131.253.33.239:443	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown
3164	msedge.exe	35.190.80.1:443	a.nel.cloudflare.com	GOOGLE	US	unknown
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3164	msedge.exe	104.17.3.184:443	challenges.cloudflare.com	—	—	unknown

DNS requests

Domain	IP	Reputation
config.edge.skype.com	13.107.42.16	whitelisted
www.mywatchseries.cyou	172.67.188.120 104.21.8.135	unknown
edge.microsoft.com	131.253.33.239 13.107.22.239	whitelisted
a.nel.cloudflare.com	35.190.80.1	whitelisted
challenges.cloudflare.com	104.17.3.184 104.17.2.184	whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com	152.199.21.175	whitelisted
www.bing.com	104.126.37.139 104.126.37.131 104.126.37.152 104.126.37.155 104.126.37.146 104.126.37.144 104.126.37.145 104.126.37.153 104.126.37.161 104.126.37.163 104.126.37.170 104.126.37.179 104.126.37.160 104.126.37.168 104.126.37.177 104.126.37.178 104.126.37.162 2.23.209.179 2.23.209.133 2.23.209.140 2.23.209.189 2.23.209.149 2.23.209.165 2.23.209.187 2.23.209.182 23.15.178.251 23.15.178.138 23.15.178.249 23.15.178.234 23.15.178.136 23.15.178.219 23.15.178.224 23.15.178.146 23.15.178.248 104.126.37.186 104.126.37.123 104.126.37.184 104.126.37.171 104.126.37.185	whitelisted
www.googletagmanager.com	142.250.184.200	whitelisted
static.mywatchseries.cyou	172.67.188.120 104.21.8.135	unknown
sizzledfirings.com	23.109.170.175 23.109.170.115 23.109.170.111 23.109.170.28 23.109.170.102 23.109.170.224	unknown

Threats

PID	Process	Class	Message
3164	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
3164	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
3164	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
3164	msedge.exe	Misc Attack	ET CINS Active Threat Intelligence Poor Reputation IP group 32
3164	msedge.exe	Misc activity	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
3164	msedge.exe	Misc activity	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
3164	msedge.exe	Misc activity	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
3164	msedge.exe	Misc activity	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
3164	msedge.exe	Misc activity	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
3164	msedge.exe	Misc activity	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)

Add for printing

Process	Message
assistant_installer.exe	[0412/130013.562:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404121259571\assistant\assistant_installer.exe" --version
assistant_installer.exe	[0412/130029.402:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404121259571\assistant\assistant_installer.exe" --installfolder="C:\Program Files\Opera\assistant" --copyonly=0 --allusers=0
assistant_installer.exe	[0412/130029.507:INFO:assistant_installer.cc(283)] Setting up the registry
assistant_installer.exe	[0412/130029.585:INFO:assistant_installer.cc(337)] Creating scheduled task
assistant_installer.exe	[0412/130029.636:INFO:assistant_installer.cc(242)] Running Assistant
assistant_installer.exe	[0412/130029.636:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Program Files\Opera\assistant\assistant_installer.exe" --installfolder="C:\Program Files\Opera\assistant" --run-assistant --allusers=0
browser_assistant.exe	[0412/130029.934:ERROR:tracking_data_utils.cc(72)] Can't read edition: missing value.
assistant_installer.exe	[0412/130030.419:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Program Files\Opera\assistant\assistant_installer.exe" --post-elevated-install-tasks --installfolder="C:\Program Files\Opera\assistant"

General Info

https://www.mywatchseries.cyou

DF5A434C471168400CF78FCF2E975AF4

1685D2812DE55BA9BFB279E55AD8EE6A61256AF0

499E3CD0EB6E7189B7B374619F7141C8806E6264AC236BF7D6965F68AD01AD1F

3:N8DSL6NHxMLL:2OL6NRMv

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Actions looks like stealing of personal data

Changes the autorun value in the registry

SUSPICIOUS

Executable content was dropped or overwritten

Application launched itself

Cleans NTFS data stream (Zone Identifier)

Reads the Internet Settings

Starts itself from another location

Reads security settings of Internet Explorer

Reads settings of System Certificates

Checks Windows Trust Settings

Creates a software uninstall entry

Searches for installed software

Reads the date of Windows installation

Changes Internet Explorer settings (feature browser emulation)

The process executes via Task Scheduler

Connects to unusual port

INFO

Manual execution by a user

Drops the executable file immediately after the start

Checks supported languages

Reads the computer name

Executable content was dropped or overwritten

The process uses the downloaded file

Connects to unusual port

Create files in a temporary directory

Creates files or folders in the user directory

Checks proxy server information

Reads the software policy settings

Reads the machine GUID from the registry

Application launched itself

Creates files in the program directory

Process checks computer location settings

Reads CPU info

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections