URL: | http://li-in-f188.1e100.net |
Full analysis: | https://app.any.run/tasks/29bf3a59-cb50-4676-9fbd-3f9b7033549c |
Verdict: | No threats detected |
Analysis date: | November 19, 2020, 16:54:02 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MD5: | E7A69B1D11728FEE73F362A5AB00F476 |
SHA1: | 11F0353784FE28157246BE94AD89863E7AF9FD6C |
SHA256: | 582FA1ADA8E70C0B4F57AB901B3D6762456961FB0C0F33AD5480ACBE629B891C |
SSDEEP: | 3:N1KSMxLIIWXAR:CSCLO0 |

PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1908 | "C:\Program Files\Opera\opera.exe" "http://li-in-f188.1e100.net" | C:\Program Files\Opera\opera.exe | | explorer.exe |
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Version: 1748

(PID) Process: | (1908) opera.exe | Key: | HKEY_CURRENT_USER\Software\Opera Software |
Operation: | write | Name: | Last CommandLine v2 |
Value: | C:\Program Files\Opera\opera.exe "http://li-in-f188.1e100.net" |
(PID) Process: | (1908) opera.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: | en-US |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprADCE.tmp | — | — | — |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprADCF.tmp | — | — | — |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprAE2D.tmp | — | — | — |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZOE2EVQXQ6SN21EBTWQU.temp | — | — | — |
1908 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp | — | — | — |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms | binary | 2705C7592CB636F56CFD29AFC9E7C131 | 4CA9E9F6504E75871CF3FB660A931A29770BB1A7197A9AEBBB8C60EBB166CAED |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | C4A1A3F32F246B6CBB4234A68577469F | 5C451B01DA74419A4B5A4DF43C04AFB37CFC1ED1C569D582B4F92058EE6DCB06 |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini | text | 8F953BFE2BAA445E31CCC9C5F2EB5EB3 | 80D6A0AAC7D44C792057CC5563D02536950BDF16CFC38059D3CFF3547047E6A9 |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat | binary | 397C9D80171D43853A0999B7EC867AA4 | 48A31F7A25C98FBBB3524DE4E31BC1F3EA0E308784C82E06C9902B65B1881174 |
1908 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF15b918.TMP | binary | 2705C7592CB636F56CFD29AFC9E7C131 | 4CA9E9F6504E75871CF3FB660A931A29770BB1A7197A9AEBBB8C60EBB166CAED |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1908 | opera.exe | GET | — | 64.233.162.188:80 | http://li-in-f188.1e100.net/ | US | — | — | whitelisted |
1908 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1908 | opera.exe | 93.184.220.29:80 | crl4.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1908 | opera.exe | 185.26.182.94:443 | certs.opera.com | Opera Software AS | — | whitelisted |
1908 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | — | whitelisted |
1908 | opera.exe | 74.125.238.188:80 | li-in-f188.1e100.net | Google Inc. | US | unknown |
1908 | opera.exe | 82.145.216.16:80 | sitecheck2.opera.com | Opera Software AS | — | suspicious |
1908 | opera.exe | 64.233.162.188:80 | li-in-f188.1e100.net | Google Inc. | US | unknown |
1908 | opera.exe | 82.145.216.15:80 | sitecheck2.opera.com | Opera Software AS | — | suspicious |

Domain | IP | Reputation |
---|---|---|
li-in-f188.1e100.net | | unknown |
sitecheck2.opera.com | | whitelisted |
certs.opera.com | | whitelisted |
crl4.digicert.com | | whitelisted |