General Info

File name

awconfig.rar

Full analysis
https://app.any.run/tasks/3ecc76e3-cad5-4123-b1c1-ea6be961a698
Verdict
Malicious activity
Analysis date
9/11/2019, 09:58:45
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-rar
File info:
RAR archive data, v5
MD5

8a27db56d688b9ccc8fb8c3f6c8a995f

SHA1

6c4e03bb83b9b125ee50642762f89e052cbc837b

SHA256

6446e1660460053b2665b4769a369fc64c98a89160634f2850850698daefd553

SSDEEP

384:khc1amaHOAMFUWYbvdERbT766OqqaCM9yskI1fB713BpOhO49ohJFix3sISUi+Sx:2uaRuAa9YTyRvrHA6Jdsc4yhDIi+6yw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS
No malicious indicators.

SUSPICIOUS
No suspicious indicators.

INFO
Manual execution by user
  • opera.exe (PID: 3432)
Creates files in the user directory
  • opera.exe (PID: 3432)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.rar | RAR compressed archive (v5.0) (61.5%)
.rar | RAR compressed archive (gen) (38.4%)

Screenshots

Processes

Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start → winrar.exe (no specs), opera.exe
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
2872
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\awconfig.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3432
CMD
"C:\Program Files\Opera\opera.exe"
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\opera\opera.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\quartz.dll
c:\program files\adobe\acrobat reader dc\reader\browser\nppdf32.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\progra~1\micros~1\office14\npauthz.dll
c:\progra~1\micros~1\office14\npspwrap.dll
c:\program files\google\update\1.3.34.11\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrtremote.dll

Registry activity

Total events
624
Read events
547
Write events
77
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | ––
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | ––
2872 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\awconfig.rar
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\AppData\Local\Temp
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | name | 120
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | size | 80
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | psize | 80
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | type | 120
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | mtime | 100
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | crc | 70
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_0 | 38000000730100000402000000000000D4D0C800000000000000000000000000340102000000000039000000B40200000000000001000000
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_1 | 38000000730100000500000000000000D4D0C8000000000000000000000000004C01010000000000160000002A0000000000000002000000
2872 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_2 | 38000000730100000400000000000000D4D0C800000000000000000000000000380101000000000016000000640000000000000003000000
3432 | opera.exe | write | HKEY_CURRENT_USER\Software\Opera Software | Last CommandLine v2 | C:\Program Files\Opera\opera.exe
3432 | opera.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US

Files activity

Executable files
0
Suspicious files
35
Text files
35
Unknown types
2

Dropped files

PID
Process
Filename
Type
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\url.axx-g
binary
MD5: 814bbc6e03fab3eb42ad47f4ae88d01d
SHA256: 970becdd318211084c0665863292c28d94f98ab9433d5aa602d3e470af7bd072
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
text
MD5: c2ebd8fa00a125708db60336bbe5d6d0
SHA256: f763d26940869a2322b348532ca51412107593b758e5038d33c4c190318b2576
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\adoc.bx-g
binary
MD5: d86abc728df7fb7a74e6fabffc1bd47c
SHA256: fef02424157f106b48d04276276c15ebba9c516e6024d4f82ea2f648af3e09c8
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000T.tmp
compressed
MD5: 18383378c91b40b088b91b7dd19e1d47
SHA256: 2624719399b42e74b0b1d4eb0ca4a2756bb7080e74cdb6eb53f446c9a78b405c
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000U.tmp
html
MD5: 7f077f1fce3d566040b0d69eb1f27d8f
SHA256: 487ad0d2cf075f4328a1adf57ef428759ad4e2c873a8ebd2ad9653990829c9cf
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000R.tmp
compressed
MD5: fbd0f931f8a8c02420a868975729021d
SHA256: 5a0fc111738100638b3888b834b82936ab93506c03f5915fa93b87cd5431478f
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000N.tmp
image
MD5: 9f8cc07c258bcd2de0c7900861e20ffc
SHA256: 07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000W.tmp
compressed
MD5: 1b70832e1d5930bbe50bc3ee6e6765fb
SHA256: 6d0902cc3c42521d6b4758a6cd690b751c926670568f698444900d18414b9527
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000V.tmp
image
MD5: b02f4a2776b104d3144e3829d2a3bda3
SHA256: a9d65e88b9f25a240e8664f636534f0b7c368dc3b491b463723860f87ca0605e
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000P.tmp
image
MD5: 35be5c43062e331761619641db43229f
SHA256: be7d7db733e4fc629ce9f6e40f9d9f47e81ed9538dd0243e53d8cd5906d0c52e
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000M.tmp
image
MD5: e81efecf1a1b1d3a17d00a904c5cc3c9
SHA256: 54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000K.tmp
image
MD5: cb22f00511d088a71e84f8c1c864caed
SHA256: 09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000S.tmp
image
MD5: 5fa381a8eb16d9e673d32980e7fd1710
SHA256: 7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000Q.tmp
image
MD5: 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
SHA256: 0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000O.tmp
image
MD5: b6ebe55a7d176720cd2b1003298187a8
SHA256: 07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000L.tmp
html
MD5: b9fd4946648d59c5c4c3a49fbae86246
SHA256: a5547062cff5246a893b4b15a294ccb8689d9c0e591e3a2c8835cb51af3ea0d2
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000G.tmp
image
MD5: 857f6f0e0886a3729b758b7241e42e61
SHA256: 8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000H.tmp
image
MD5: 569bf083114694830afab62962ac1646
SHA256: f45e80d0bd52b37b19ac5c6efbac04ce0fab261c9b27b743864a974702ae0b5b
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000C.tmp
compressed
MD5: 6f9905aca4be733967140c0e5851ba91
SHA256: fe9eb29c643f9c6fb173a178138b3cfdb8c6c7878c9301d151977196d7238766
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00007.tmp
image
MD5: d8df89b036e6afb48f72d2440831bad0
SHA256: 2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00009.tmp
html
MD5: 28fe65c887aca4320b6a5abbce41e90a
SHA256: aa3fa8944d828011326e8190497f85815c48d034296e6516ef002beb90e44a9c
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000I.tmp
image
MD5: ccaf96cfc341dc9a17e24b96bef223ff
SHA256: 728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000E.tmp
compressed
MD5: f66ce9f507641cbe02bbfe1fff696456
SHA256: d829f0f815f5b3b4c646791f6328837c2f7402ae1c355b8f8d8a3f5727397007
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000F.tmp
image
MD5: f14ac70aa6dd4d371671c0e6d7cba4e3
SHA256: 9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000D.tmp
image
MD5: baf3aff7caef0be58f29b41f20a0e4db
SHA256: 0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00008.tmp
image
MD5: ae506a6c014bfeb8d8cbfdfbe94c14c9
SHA256: bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000A.tmp
image
MD5: c9b1e40987c4411b4a7d13c07a8843aa
SHA256: 8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000J.tmp
image
MD5: 0ea9115d18d5210d4f1db520881faa3a
SHA256: 544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000B.tmp
compressed
MD5: 00e3fe8b8461dbec7a9a1332be8fec42
SHA256: 8859119d099978b899c8ba734cd027dfbe3591397864b190a46c174281c60246
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00005.tmp
image
MD5: 42ba7ec5e46441d53522a9addc70a6dc
SHA256: c5e5e45ae34162c295fb42e84e5065c8f5b02af0e131217facef0b931843c267
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00006.tmp
image
MD5: ee0e6dd4ef643128a1b7bd4ab32b8a79
SHA256: 51f305558b4ed6fcf3a31b4f9e404fc2ea426cb5e785ac46ce827de0c5cabb4c
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: 758a12c819866644abed153da5778824
SHA256: d3a3c7ba8c195213c2dfc32e8289e7ec7b0787deb55fd5ff9580f83080db56f2
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr26C6.tmp
––
MD5:  ––
SHA256:  ––
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\w.axx-g
binary
MD5: 814bbc6e03fab3eb42ad47f4ae88d01d
SHA256: 970becdd318211084c0665863292c28d94f98ab9433d5aa602d3e470af7bd072
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\assoc002\sesn\opr00004.000
ttf
MD5: e18bbf611f2a2e43afc071aa2f4e1512
SHA256: e395044093757d82afcb138957d06a1ea9361bdcf0b442d06a18a8051af57456
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00004.tmp
woff
MD5: fa2772327f55d8198301fdb8bcfc8158
SHA256: a26394f7ede100ca118eff2eda08596275a9839b959c226e15439557a5a80742
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
xml
MD5: faee7f29cb67db55bdfdf53e67e8df68
SHA256: 61df25eae90d5b029f2a4fda48378a345d9b65401fcdb14fdd742a037da8bda3
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\anonfile.com.idx
text
MD5: c3a8762715dac056379b76b8461a07f3
SHA256: 693feb96c7c92fac845b1bb95ac299408a5e358ed5296fbe42ad936c18808a5d
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fanonfile.com%2Fimg%2Ffavicon%2Ffavicon-32x32-anonfile.png%3F155438.png
image
MD5: 9977ce1fb695e8de6c529de23b86fbdf
SHA256: 8b91fe0f5e3b37916f86cbf5a489a9a6e9af7dc1b3c2513ce5fb29fb37598f72
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00003.tmp
compressed
MD5: 439bceddf1c3b32a7b4765abe86e06f5
SHA256: 8ec7201d6f151797afeb6f48172adc287e87027cae479821411e076902e43eb1
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00002.tmp
compressed
MD5: 852ad853c9d2e012906a687c2b8bef59
SHA256: 5141411cd8a40f33b66490ca068277f4fb9a0e3c35c7ed7205042147c1c92ce0
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: b1f71d66b8d495adc60bd925da09172b
SHA256: e7dedbce30e873276ba94f2de123e5af562869b096205fb15b26bc78db24242a
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
text
MD5: 3f5281b948860e52fe0e440fa12be986
SHA256: dd343f8defafcf2e27b3ef50edb66a7821a4b219a0d326e1373355c02e5289af
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr1AAF.tmp
––
MD5:  ––
SHA256:  ––
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\www.google.com.ua.idx
text
MD5: 0cb740044dd1341dd10bf5e3a3643699
SHA256: 2b4acb29006584c23ed3745d826928a755dde2422d92df4f1e85348e36e912bf
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.com.ua%2Ffavicon.png
image
MD5: 049c8919cbc87f4298acb5af65c13783
SHA256: b0b7197d8ba5447af79ebd41e860c9ba52642048811cf27610c65ac94044b6aa
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: 3f5281b948860e52fe0e440fa12be986
SHA256: dd343f8defafcf2e27b3ef50edb66a7821a4b219a0d326e1373355c02e5289af
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprEE6.tmp
––
MD5:  ––
SHA256:  ––
3432
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF16f1c7.TMP
binary
MD5: 309173a3d7ac96e52ca7bb6e941c2cf1
SHA256: d0de40593bce48bb74d7df605809beaa2c8dc578294215278dceb978d10b4c6f
3432
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms
binary
MD5: 309173a3d7ac96e52ca7bb6e941c2cf1
SHA256: d0de40593bce48bb74d7df605809beaa2c8dc578294215278dceb978d10b4c6f
3432
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PS1Z9S50L6HDTQ0PQMYD.temp
––
MD5:  ––
SHA256:  ––
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 7f5dcbf9f067f258078d5071195d5c51
SHA256: fec0be3946fe4780375cee50eb647bea4fb130af228e473fe442b39ff19d0492
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
binary
MD5: 9233ff8b7941fcf95374d3db473cde01
SHA256: 5cc2e9681eaa16763d77929913a2a930697296eeff81d644bfd1d170c979428f
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
––
MD5:  ––
SHA256:  ––
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 59761e989f564f76a3a4b778db7abcf1
SHA256: af879942d234d85c0ce75921dbdda50e2f6d135bd961f259106131751359052b
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
binary
MD5: fccccc75861ef0fe746e8a18eff620b4
SHA256: b9f4a7dd6daed0f425a09b66e619421f35673a9fa191a330566cbc811f2f5068
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
binary
MD5: 82f1a2b1176a5ecc457d32301e2ad833
SHA256: a783052804dd4c232be2ed3dc00c430cb67a20370890e235562ed2b27b5a602e
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
xml
MD5: 27d20e8450a066dd245be323c864fc7b
SHA256: 63b1551c88e1d75d2245bae467d10fe89748b7b6c7f1d865574629fad09c1458
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprE6DB.tmp
––
MD5:  ––
SHA256:  ––
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: 4d30bd6cdd1ddd2e6aa9ac3191284780
SHA256: 5ea9825c7d7d5f745350b832585b98c76f33be84224b0bccb029d4472b0b9c30
3432
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprE69C.tmp
––
MD5:  ––
SHA256:  ––
3432
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\CACHEDIR.TAG
text
MD5: e717f92fa29ae97dbe4f6f5c04b7a3d9
SHA256: 5bbd5dcbf87fd8cd7544c522badf22a2951cf010ad9f25c40f9726f09ea2b552
2872
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa2872.25714\awconfig
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
13
TCP/UDP connections
26
DNS requests
14
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3432 opera.exe GET 200 93.184.220.29:80 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl US der –– whitelisted
3432 opera.exe GET 200 172.217.18.174:80 http://clients1.google.com/complete/search?q=ano&client=opera-suggest-omnibox&hl=de US text –– whitelisted
3432 opera.exe GET 200 172.217.18.174:80 http://clients1.google.com/complete/search?q=anof&client=opera-suggest-omnibox&hl=de US text –– whitelisted
3432 opera.exe GET 200 172.217.18.174:80 http://clients1.google.com/complete/search?q=anofile&client=opera-suggest-omnibox&hl=de US text –– whitelisted
3432 opera.exe GET 302 216.58.208.35:80 http://www.google.com.ua/search?q=anofile&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest US html –– whitelisted
3432 opera.exe GET 400 185.26.182.112:80 http://sitecheck2.opera.com/?host=www.google.com.ua&hdn=Nxr6KEmdGjdmqcWka8dkkA== unknown html –– whitelisted
3432 opera.exe GET 302 216.58.208.35:80 http://www.google.com.ua/search?client=opera&q=anofile&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest US html –– whitelisted
3432 opera.exe GET 200 172.217.22.3:80 http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBl7GqnL5JVcAgAAAABB5oE%3D US der –– whitelisted
3432 opera.exe GET 200 172.217.22.3:80 http://crl.pki.goog/gsr2/gsr2.crl US der –– whitelisted
3432 opera.exe GET 200 172.217.22.3:80 http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCrQ3TWXBFg3AIAAAAAQebm US der –– whitelisted
3432 opera.exe GET 200 192.35.177.64:80 http://crl.identrust.com/DSTROOTCAX3CRL.crl US der –– whitelisted
3432 opera.exe GET 200 2.16.186.11:80 http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgNg0mjaePvJInuBljKHR6Yp5A%3D%3D unknown der –– whitelisted
3432 opera.exe GET 200 172.217.22.3:80 http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEEanTyVp9ezcCAAAAAARu4s%3D US der –– whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more in the full report

Connections

PID Process IP ASN CN Reputation
3432 opera.exe 185.26.182.94:443 Opera Software AS –– malicious
3432 opera.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3432 opera.exe 172.217.18.174:80 Google Inc. US whitelisted
3432 opera.exe 216.58.208.35:80 Google Inc. US whitelisted
3432 opera.exe 185.26.182.112:80 Opera Software AS –– suspicious
3432 opera.exe 216.58.208.35:443 Google Inc. US whitelisted
3432 opera.exe 172.217.22.3:80 Google Inc. US whitelisted
3432 opera.exe 172.217.22.35:443 Google Inc. US whitelisted
3432 opera.exe 172.217.23.163:443 Google Inc. US whitelisted
3432 opera.exe 194.32.146.61:443 –– unknown
3432 opera.exe 192.35.177.64:80 IdenTrust US malicious
3432 opera.exe 2.16.186.11:80 Akamai International B.V. –– whitelisted
3432 opera.exe 172.217.22.40:443 Google Inc. US whitelisted
3432 opera.exe 172.217.18.174:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
certs.opera.com 185.26.182.94, 185.26.182.93 whitelisted
crl4.digicert.com 93.184.220.29 whitelisted
clients1.google.com 172.217.18.174 whitelisted
www.google.com.ua 216.58.208.35 whitelisted
sitecheck2.opera.com 185.26.182.112, 185.26.182.93, 185.26.182.94, 185.26.182.111 whitelisted
crl.pki.goog 172.217.22.3 whitelisted
ocsp.pki.goog 172.217.22.3 whitelisted
id.google.com.ua 172.217.22.35 whitelisted
id.google.com 172.217.23.163 whitelisted
anonfile.com 194.32.146.61, 194.32.146.60 malicious
crl.identrust.com 192.35.177.64 whitelisted
ocsp.int-x3.letsencrypt.org 2.16.186.11, 2.16.186.27 whitelisted
www.googletagmanager.com 172.217.22.40 whitelisted
www.google-analytics.com 172.217.18.174 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.