URL:

https://reelzone.vip

Full analysis: https://app.any.run/tasks/e22b270b-ab48-4476-99c6-ac6733b9fc58
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: December 25, 2025, 11:35:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
opera
tool
stealer
Indicators:
MD5:

F08606E6C411A61F7708FDFF053B640C

SHA1:

03835D75C27F698153E4EE0DCBDC18B4C8BC172B

SHA256:

8E8D88F76B2E0505D1775D281C115027811500D9569F0F2DACD16B86C73E8845

SSDEEP:

3:N8h6n:2gn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • assistant_installer.exe (PID: 7020)
      • opera.exe (PID: 1412)

    • Actions looks like stealing of personal data

      • opera.exe (PID: 1412)

    • Steals credentials from Web Browsers

      • opera.exe (PID: 1412)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OperaGXSetup.exe (PID: 9076)
      • setup.exe (PID: 9136)
      • setup.exe (PID: 9112)
      • setup.exe (PID: 6916)
      • setup.exe (PID: 4632)
      • setup.exe (PID: 3368)
      • Opera_GX_assistant_125.0.5729.22_Setup.exe_sfx.exe (PID: 5304)
      • installer.exe (PID: 2196)
      • installer.exe (PID: 3688)
      • assistant_installer.exe (PID: 7020)
      • installer.exe (PID: 8656)
      • installer.exe (PID: 9224)

    • Application launched itself

      • setup.exe (PID: 9112)
      • setup.exe (PID: 4632)
      • installer.exe (PID: 3688)
      • assistant_installer.exe (PID: 7020)
      • assistant_installer.exe (PID: 8380)
      • browser_assistant.exe (PID: 6236)
      • opera.exe (PID: 1412)
      • assistant_installer.exe (PID: 6456)
      • installer.exe (PID: 8656)
      • opera_autoupdate.exe (PID: 7408)
      • opera_autoupdate.exe (PID: 9524)

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 9112)
      • installer.exe (PID: 3688)
      • browser_assistant.exe (PID: 6236)

    • Starts itself from another location

      • setup.exe (PID: 9112)
      • assistant_installer.exe (PID: 7020)

    • Process drops legitimate windows executable

      • Opera_GX_assistant_125.0.5729.22_Setup.exe_sfx.exe (PID: 5304)
      • assistant_installer.exe (PID: 7020)

    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 9112)

    • Reads the date of Windows installation

      • installer.exe (PID: 3688)
      • opera.exe (PID: 1412)

    • Searches for installed software

      • installer.exe (PID: 3688)
      • browser_assistant.exe (PID: 6236)

    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 1412)

    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 9524)

  • INFO

    • Reads the computer name

      • identity_helper.exe (PID: 8172)
      • setup.exe (PID: 9112)
      • setup.exe (PID: 4632)
      • assistant_installer.exe (PID: 6456)
      • installer.exe (PID: 3688)
      • assistant_installer.exe (PID: 7020)
      • opera.exe (PID: 1412)
      • assistant_installer.exe (PID: 8380)
      • opera.exe (PID: 7240)
      • browser_assistant.exe (PID: 6236)
      • opera.exe (PID: 8772)
      • opera.exe (PID: 8472)
      • opera.exe (PID: 8828)
      • opera.exe (PID: 7276)
      • opera.exe (PID: 748)
      • opera.exe (PID: 7420)
      • opera_gx_splash.exe (PID: 9104)
      • opera.exe (PID: 9316)
      • TextInputHost.exe (PID: 9888)
      • installer.exe (PID: 8656)
      • opera_autoupdate.exe (PID: 7408)
      • opera_autoupdate.exe (PID: 9524)

    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7624)

    • Checks supported languages

      • identity_helper.exe (PID: 8172)
      • OperaGXSetup.exe (PID: 9076)
      • setup.exe (PID: 9112)
      • setup.exe (PID: 9136)
      • setup.exe (PID: 6916)
      • setup.exe (PID: 4632)
      • setup.exe (PID: 3368)
      • assistant_installer.exe (PID: 6456)
      • assistant_installer.exe (PID: 8536)
      • installer.exe (PID: 2196)
      • Opera_GX_assistant_125.0.5729.22_Setup.exe_sfx.exe (PID: 5304)
      • assistant_installer.exe (PID: 7020)
      • assistant_installer.exe (PID: 5772)
      • installer.exe (PID: 3688)
      • assistant_installer.exe (PID: 8380)
      • assistant_installer.exe (PID: 6724)
      • browser_assistant.exe (PID: 8748)
      • opera.exe (PID: 1412)
      • browser_assistant.exe (PID: 6236)
      • opera.exe (PID: 7240)
      • opera_crashreporter.exe (PID: 4028)
      • opera_crashreporter.exe (PID: 6456)
      • opera.exe (PID: 8772)
      • opera.exe (PID: 8472)
      • opera_crashreporter.exe (PID: 6272)
      • opera_crashreporter.exe (PID: 8664)
      • opera.exe (PID: 7276)
      • opera_crashreporter.exe (PID: 8940)
      • opera.exe (PID: 8828)
      • opera_crashreporter.exe (PID: 8604)
      • opera.exe (PID: 7420)
      • opera.exe (PID: 748)
      • opera.exe (PID: 8764)
      • opera.exe (PID: 8204)
      • opera.exe (PID: 5224)
      • opera.exe (PID: 8604)
      • opera.exe (PID: 7212)
      • opera.exe (PID: 8720)
      • opera.exe (PID: 2488)
      • opera_gx_splash.exe (PID: 9104)
      • opera.exe (PID: 4312)
      • opera.exe (PID: 508)
      • opera.exe (PID: 9076)
      • opera.exe (PID: 9124)
      • opera.exe (PID: 5704)
      • opera.exe (PID: 9080)
      • opera.exe (PID: 8464)
      • opera.exe (PID: 7580)
      • opera.exe (PID: 8440)
      • opera.exe (PID: 7620)
      • opera.exe (PID: 6532)
      • opera.exe (PID: 9316)
      • opera.exe (PID: 9256)
      • opera.exe (PID: 9220)
      • opera.exe (PID: 9248)
      • opera.exe (PID: 9368)
      • opera.exe (PID: 9352)
      • opera.exe (PID: 9388)
      • opera.exe (PID: 9404)
      • opera.exe (PID: 9360)
      • opera.exe (PID: 9452)
      • opera.exe (PID: 9396)
      • opera.exe (PID: 9460)
      • TextInputHost.exe (PID: 9888)
      • opera.exe (PID: 5636)
      • opera.exe (PID: 8640)
      • opera.exe (PID: 8456)
      • opera.exe (PID: 1844)
      • installer.exe (PID: 8656)
      • opera.exe (PID: 10112)
      • opera.exe (PID: 4968)
      • opera.exe (PID: 9152)
      • opera.exe (PID: 10132)
      • installer.exe (PID: 9224)
      • opera_autoupdate.exe (PID: 7408)
      • opera_autoupdate.exe (PID: 9908)
      • opera_autoupdate.exe (PID: 8616)
      • opera.exe (PID: 9836)
      • opera_autoupdate.exe (PID: 9524)
      • opera.exe (PID: 10148)
      • opera.exe (PID: 5520)
      • opera.exe (PID: 6396)
      • opera.exe (PID: 10204)
      • opera.exe (PID: 1180)
      • opera.exe (PID: 9652)
      • opera.exe (PID: 1348)
      • opera.exe (PID: 3688)
      • opera.exe (PID: 4552)
      • opera.exe (PID: 10272)
      • opera.exe (PID: 10300)
      • opera.exe (PID: 10372)
      • opera.exe (PID: 10468)
      • opera.exe (PID: 10476)
      • opera.exe (PID: 8800)
      • opera.exe (PID: 10612)
      • opera.exe (PID: 10704)
      • opera.exe (PID: 10804)
      • opera.exe (PID: 10868)
      • opera.exe (PID: 10576)

    • Reads Environment values

      • identity_helper.exe (PID: 8172)

    • The sample compiled with english language support

      • OperaGXSetup.exe (PID: 9076)
      • setup.exe (PID: 9136)
      • setup.exe (PID: 9112)
      • setup.exe (PID: 6916)
      • setup.exe (PID: 4632)
      • setup.exe (PID: 3368)
      • Opera_GX_assistant_125.0.5729.22_Setup.exe_sfx.exe (PID: 5304)
      • installer.exe (PID: 2196)
      • installer.exe (PID: 3688)
      • assistant_installer.exe (PID: 7020)
      • installer.exe (PID: 8656)
      • installer.exe (PID: 9224)

    • Create files in a temporary directory

      • OperaGXSetup.exe (PID: 9076)
      • setup.exe (PID: 9136)
      • setup.exe (PID: 9112)
      • setup.exe (PID: 6916)
      • setup.exe (PID: 4632)
      • setup.exe (PID: 3368)
      • installer.exe (PID: 3688)
      • installer.exe (PID: 2196)
      • opera.exe (PID: 1412)
      • Opera_GX_assistant_125.0.5729.22_Setup.exe_sfx.exe (PID: 5304)
      • installer.exe (PID: 8656)
      • installer.exe (PID: 9224)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7624)
      • msedge.exe (PID: 7944)

    • Application launched itself

      • msedge.exe (PID: 7624)

    • Creates files or folders in the user directory

      • setup.exe (PID: 9136)
      • setup.exe (PID: 9112)
      • setup.exe (PID: 4632)
      • installer.exe (PID: 3688)
      • assistant_installer.exe (PID: 7020)
      • opera.exe (PID: 1412)
      • opera.exe (PID: 7420)
      • opera_autoupdate.exe (PID: 7408)
      • opera_autoupdate.exe (PID: 9908)
      • browser_assistant.exe (PID: 6236)

    • Reads the machine GUID from the registry

      • setup.exe (PID: 9112)
      • installer.exe (PID: 3688)
      • opera.exe (PID: 1412)
      • browser_assistant.exe (PID: 6236)
      • opera_autoupdate.exe (PID: 7408)
      • opera_autoupdate.exe (PID: 9524)
      • opera_autoupdate.exe (PID: 9908)
      • opera_autoupdate.exe (PID: 8616)

    • Checks proxy server information

      • setup.exe (PID: 9112)
      • browser_assistant.exe (PID: 6236)
      • opera.exe (PID: 1412)
      • opera_autoupdate.exe (PID: 7408)

    • Creates a software uninstall entry

      • installer.exe (PID: 3688)

    • Launching a file from a Registry key

      • assistant_installer.exe (PID: 7020)
      • opera.exe (PID: 1412)

    • OPERA mutex has been found

      • browser_assistant.exe (PID: 6236)
      • opera.exe (PID: 1412)
      • opera_autoupdate.exe (PID: 7408)

    • Process checks computer location settings

      • opera.exe (PID: 1412)
      • opera.exe (PID: 7212)
      • opera.exe (PID: 8604)
      • opera.exe (PID: 508)
      • opera.exe (PID: 7620)
      • opera.exe (PID: 8464)
      • opera.exe (PID: 7580)
      • opera.exe (PID: 8440)
      • opera.exe (PID: 6532)
      • opera.exe (PID: 9256)
      • opera.exe (PID: 10132)
      • opera.exe (PID: 8456)
      • opera.exe (PID: 1844)
      • opera.exe (PID: 10148)
      • opera.exe (PID: 10272)
      • opera.exe (PID: 10476)
      • opera.exe (PID: 10612)
      • opera.exe (PID: 10868)
      • opera.exe (PID: 10804)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
275
Monitored processes
130
Malicious processes
5
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs operagxsetup.exe setup.exe setup.exe setup.exe setup.exe setup.exe opera_gx_assistant_125.0.5729.22_setup.exe_sfx.exe assistant_installer.exe assistant_installer.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs installer.exe installer.exe assistant_installer.exe assistant_installer.exe assistant_installer.exe assistant_installer.exe opera.exe browser_assistant.exe opera.exe no specs opera_crashreporter.exe opera_crashreporter.exe browser_assistant.exe opera.exe no specs opera_crashreporter.exe opera.exe no specs opera_crashreporter.exe opera.exe no specs opera_crashreporter.exe opera.exe no specs opera_crashreporter.exe unsecapp.exe no specs opera.exe no specs opera.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera_gx_splash.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs textinputhost.exe no specs comppkgsrv.exe no specs installer.exe opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs installer.exe opera_autoupdate.exe opera_autoupdate.exe no specs opera_autoupdate.exe opera.exe no specs opera_autoupdate.exe slui.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs opera.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
508"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 OPR/125.0.0.0 (Edition std-2)" --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocomplete-filter=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-mixed=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=14 --metrics-shmem-handle=5116,i,5313556614012760509,4298295523693871850,2097152 --field-trial-handle=1976,i,7029571344071567908,2799804391068498830,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
748"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --no-pre-read-main-dll --force-high-res-timeticks=disabled --start-stack-profiler --with-feature:address-bar-dropdown-autocomplete-filter=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-mixed=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1824,i,14407680488831502441,10229958048153961440,262144 --field-trial-handle=1976,i,7029571344071567908,2799804391068498830,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --mojo-platform-channel-handle=1972 /prefetch:2C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1180"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocomplete-filter=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-mixed=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --metrics-shmem-handle=9128,i,5270051521621065415,11286584336340602014,524288 --field-trial-handle=1976,i,7029571344071567908,2799804391068498830,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1348"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocomplete-filter=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-mixed=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --metrics-shmem-handle=6704,i,17365819198848304487,15234333202064347434,524288 --field-trial-handle=1976,i,7029571344071567908,2799804391068498830,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --mojo-platform-channel-handle=8676 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1412"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --start-maximizedC:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Internet Browser
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1844"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 OPR/125.0.0.0 (Edition std-2)" --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocomplete-filter=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-mixed=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=24 --metrics-shmem-handle=5576,i,10868335683669927560,7290051831625684869,2097152 --field-trial-handle=1976,i,7029571344071567908,2799804391068498830,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:2C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
2196"C:\Users\admin\AppData\Local\Programs\Opera GX\125.0.5729.58\installer.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=125.0.5729.58 --initial-client-data=0x27c,0x280,0x284,0x84,0x288,0x7ffd6b3113f8,0x7ffd6b311404,0x7ffd6b311410C:\Users\admin\AppData\Local\Programs\Opera GX\125.0.5729.58\installer.exe
installer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Exit code:
0
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2220"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4176,i,8125596379516648505,4617875023798642690,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2488"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocomplete-filter=on --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-mixed=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --ab_tests=GXCTest50-ref:DNA-99214_GXCTest50 --metrics-shmem-handle=3008,i,7235301133029452232,14041853905611789162,524288 --field-trial-handle=1976,i,7029571344071567908,2799804391068498830,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --mojo-platform-channel-handle=3184 /prefetch:8C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exeopera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\125.0.5729.58\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
3368C:\Users\admin\AppData\Local\Temp\7zS473C5AA0\setup.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=125.0.5729.58 --initial-client-data=0x27c,0x28c,0x290,0xb4,0x294,0x7ffd6ceb13f8,0x7ffd6ceb1404,0x7ffd6ceb1410C:\Users\admin\AppData\Local\Temp\7zS473C5AA0\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera GX Installer
Exit code:
0
Version:
125.0.5729.58
Modules
Images
c:\users\admin\appdata\local\temp\7zs473c5aa0\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
19 929
Read events
19 366
Write events
554
Delete events
9

Modification events

(PID) Process:(9112) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(9112) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(9112) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(4632) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:writeName:Last Opera GX Stable Install Path
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX\
(PID) Process:(3688) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation:writeName:Last Opera GX Stable Install Path
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX\
(PID) Process:(3688) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 125.0.5729.58
Operation:writeName:DisplayName
Value:
Opera GX Stable 125.0.5729.58
(PID) Process:(3688) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 125.0.5729.58
Operation:writeName:DisplayIcon
Value:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe",0
(PID) Process:(3688) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 125.0.5729.58
Operation:writeName:DisplayVersion
Value:
125.0.5729.58
(PID) Process:(3688) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 125.0.5729.58
Operation:writeName:HelpLink
Value:
https://help.opera.com/latest/
(PID) Process:(3688) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 125.0.5729.58
Operation:writeName:InstallLocation
Value:
C:\Users\admin\AppData\Local\Programs\Opera GX
Executable files
30
Suspicious files
527
Text files
1 230
Unknown types
9

Dropped files

PID
Process
Filename
Type
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFfdff7.TMP
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFfe006.TMP
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFfe006.TMP
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFfe006.TMP
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFfe006.TMP
MD5:
SHA256:
7624msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFfe016.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
277
TCP/UDP connections
236
DNS requests
212
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7944
msedge.exe
POST
204
216.239.32.36:443
https://region1.google-analytics.com/g/collect?v=2&tid=G-Z93W33F4WC&gtm=45je5ca1v9203737370za200zd9203737370&_p=1766662554581&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&cid=2001852214.1766662555&ul=en-us&sr=1360x768&uaa=x86&uab=64&uafvl=Not(A%253ABrand%3B99.0.0.0%7CMicrosoft%2520Edge%3B133.0.3065.92%7CChromium%3B133.0.6943.142&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~104527907~104528500~104684208~104684211~105391252~115583767~115616985~115938466~115938469~116184927~116184929~116251938~116251940~116682875&sid=1766662554&sct=1&seg=0&dl=https%3A%2F%2Freelzone.vip%2F&dt=ReelZone%20-%20Free%20and%20Fast%20Streaming%20of%20Movies%20and%20TV%20Shows&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=575
unknown
unknown
7944
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:Mmibfy6w19UjGFukfhxbJjmEMl1MjNbtrFCEEaZIEQM&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
7944
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=65&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0
unknown
text
768 b
whitelisted
7944
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
unknown
text
462 b
whitelisted
7944
msedge.exe
GET
200
188.114.96.3:443
https://reelzone.vip/js/aclib.js
unknown
text
128 Kb
unknown
7944
msedge.exe
GET
200
188.114.96.3:443
https://reelzone.vip/script.js
unknown
text
13.4 Kb
unknown
7944
msedge.exe
GET
200
188.114.96.3:443
https://reelzone.vip/styles.css
unknown
text
10.5 Kb
unknown
7944
msedge.exe
GET
200
188.114.96.3:443
https://reelzone.vip/
unknown
html
8.65 Kb
unknown
7944
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
unknown
25 b
whitelisted
7944
msedge.exe
GET
200
23.3.88.27:443
https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
unknown
text
128 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5148
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
3176
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7944
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7944
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7944
msedge.exe
188.114.96.3:443
reelzone.vip
CLOUDFLARENET
US
whitelisted
7944
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7944
msedge.exe
104.18.23.222:443
copilot.microsoft.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.142
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
reelzone.vip
  • 188.114.96.3
  • 188.114.97.3
  • 185.26.182.106
  • 185.26.182.94
  • 185.26.182.111
  • 185.26.182.112
  • 185.26.182.93
  • 185.26.182.118
unknown
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
www.bing.com
  • 23.3.88.27
  • 23.3.88.19
  • 23.3.88.35
  • 23.3.88.43
  • 23.3.88.50
  • 23.3.88.8
  • 23.3.88.66
  • 23.3.88.18
  • 23.3.88.26
whitelisted
www.googletagmanager.com
  • 216.58.206.72
whitelisted
cdn.jsdelivr.net
  • 151.101.193.229
  • 151.101.65.229
  • 151.101.1.229
  • 151.101.129.229
whitelisted
static.cloudflareinsights.com
  • 104.16.80.73
  • 104.16.79.73
whitelisted

Threats

PID
Process
Class
Message
7944
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7944
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7944
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7944
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7944
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7944
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7944
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
7944
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (ipapi .co in DNS lookup)
7944
msedge.exe
Potentially Bad Traffic
SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (usrpubtrk .com)
7944
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain (ipapi .co in DNS lookup)
Process
Message
setup.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
setup.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
[1225/063622.751:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:170] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\f5018961-cc54-4545-8896-0c9049db84c1 Opera GX Installer Temp\opera_package_202512250636131\assistant\assistant_installer.exe" --version
installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
assistant_installer.exe
[1225/063633.603:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:170] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\f5018961-cc54-4545-8896-0c9049db84c1 Opera GX Installer Temp\opera_package_202512250636131\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX\assistant" --copyonly=0 --allusers=0
assistant_installer.exe
[1225/063633.626:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:308] Setting up the registry
assistant_installer.exe
[1225/063633.641:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:359] Creating scheduled task
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists )
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://reelzone.vip