General Info

File name

New Text Document.txt

Full analysis
https://app.any.run/tasks/b010dec0-7b1d-4329-8088-ab839efa4bd0
Verdict
Malicious activity
Analysis date
10/9/2019, 17:39:00
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/plain
File info:
ASCII text, with no line terminators
MD5

047eada1c08b45202fe75723600ad429

SHA1

2181f60da557adc4e054a7d89765a6ea441d9004

SHA256

85e439e0ec75a8150015924eb95294f14162ee7f29ace5c8afe0e1fe6ef2e34f

SSDEEP

3:N8RGKQjrj19Qn:2gKeJ9Qn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Creates files in the user directory
  • opera.exe (PID: 1936)
Manual execution by user
  • opera.exe (PID: 1936)

Processes

Total processes
32
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

start notepad.exe no specs opera.exe

Process information

PID
1144
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\New Text Document.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1936
CMD
"C:\Program Files\Opera\opera.exe"
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image

Registry activity

Total events
202
Read events
144
Write events
58
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1936
opera.exe
write
HKEY_CURRENT_USER\Software\Opera Software
Last CommandLine v2
C:\Program Files\Opera\opera.exe
1936
opera.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
32
Text files
22
Unknown types
2

Dropped files

PID
Process
Filename
Type

Network activity

HTTP(S) requests
6
TCP/UDP connections
33
DNS requests
13
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
1936 opera.exe GET 200 93.184.220.29:80 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl US der whitelisted
1936 opera.exe GET 200 2.20.189.244:80 http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgO4VdgpPDpsZKiHZKn8sXFI5w%3D%3D unknown der whitelisted
1936 opera.exe GET 200 192.35.177.64:80 http://crl.identrust.com/DSTROOTCAX3CRL.crl US der whitelisted
1936 opera.exe GET 200 93.184.220.29:80 http://crl4.digicert.com/DigiCertGlobalRootG2.crl US der whitelisted
1936 opera.exe GET 200 93.184.220.29:80 http://s.symcb.com/pca3-g5.crl US der whitelisted
1936 opera.exe GET 200 216.58.208.35:80 http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDZ0XRmzo2h%2BwgAAAAAFPsF US der whitelisted

Connections

PID Process IP ASN CN Reputation
1936 opera.exe 185.26.182.94:443 Opera Software AS –– malicious
1936 opera.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
1936 opera.exe 185.26.182.93:443 Opera Software AS –– unknown
1936 opera.exe 194.32.146.60:443 –– unknown
1936 opera.exe 107.167.110.216:443 Opera Software Americas LLC US suspicious
1936 opera.exe 192.35.177.64:80 IdenTrust US malicious
1936 opera.exe 2.20.189.244:80 Akamai International B.V. –– whitelisted
1936 opera.exe 107.167.110.211:443 Opera Software Americas LLC US unknown
1936 opera.exe 151.101.2.217:443 Fastly US unknown
1936 opera.exe 104.18.39.148:443 Cloudflare Inc US shared
1936 opera.exe 52.222.168.229:443 Amazon.com, Inc. US unknown
1936 opera.exe 172.217.22.72:443 Google Inc. US whitelisted
1936 opera.exe 194.32.146.61:443 –– unknown
1936 opera.exe 151.101.66.217:443 Fastly US unknown
1936 opera.exe 104.18.38.148:443 Cloudflare Inc US shared
1936 opera.exe 52.222.168.249:443 Amazon.com, Inc. US unknown
1936 opera.exe 216.58.208.35:80 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
certs.opera.com 185.26.182.94, 185.26.182.93 whitelisted
crl4.digicert.com 93.184.220.29 whitelisted
anonfile.com 194.32.146.60, 194.32.146.61 malicious
sitecheck2.opera.com 107.167.110.216, 107.167.110.211 whitelisted
crl.identrust.com 192.35.177.64 whitelisted
ocsp.int-x3.letsencrypt.org 2.20.189.244, 2.20.190.17 whitelisted
vjs.zencdn.net 151.101.2.217, 151.101.66.217, 151.101.130.217, 151.101.194.217 unknown
www.googletagmanager.com 172.217.22.72 whitelisted
shermore.info 104.18.39.148, 104.18.38.148 whitelisted
d3ud741uvs727m.cloudfront.net 52.222.168.229, 52.222.168.249, 52.222.168.84, 52.222.168.137 whitelisted
s.symcb.com 93.184.220.29 whitelisted
ocsp.pki.goog 216.58.208.35 whitelisted
crl.pki.goog 216.58.208.35 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.