General Info Watch the FULL Interactive Analysis at ANY.RUN!

URL

http://wintercold.info

Verdict
Malicious activity
Analysis date
2/11/2019, 09:52:41
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

No suspicious indicators.

Creates files in the user directory
  • opera.exe (PID: 2996)
Dropped object may contain Bitcoin addresses
  • opera.exe (PID: 2996)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
30
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

+
start opera.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2996
CMD
"C:\Program Files\Opera\opera.exe" http://wintercold.info
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\opera\opera.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\quartz.dll
c:\program files\adobe\acrobat reader dc\reader\browser\nppdf32.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\progra~1\micros~1\office14\npauthz.dll
c:\progra~1\micros~1\office14\npspwrap.dll
c:\program files\google\update\1.3.33.17\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shdocvw.dll

Registry activity

Total events
287
Read events
227
Write events
60
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2996
opera.exe
write
HKEY_CURRENT_USER\Software\Opera Software
Last CommandLine v2
C:\Program Files\Opera\opera.exe http://wintercold.info
2996
opera.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
60
Text files
167
Unknown types
10

Dropped files

PID Process Filename Type
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00056.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002F.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr00055.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\assoc002\g_0001\opr00054.000 otf
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr00054.tmp woff
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr00052.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00051.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004Y.tmp text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004X.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004Z.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr00050.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004Q.tmp binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004O.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004W.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004L.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004P.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004M.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004N.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004V.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004T.tmp text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004R.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004S.tmp text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004K.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004U.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004H.tmp image
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr90F1.tmp ––
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004I.tmp text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004G.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004H.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\icons\stavreg.ru.idx text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fstavreg.ru%2Ftemplates%2Fprotostar%2Ffavicon.png image
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr7440.tmp ––
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml xml
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004F.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004D.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004E.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0004C.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004B.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0004A.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00043.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00046.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00040.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00045.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr00044.tmp binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003Z.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00048.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003W.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003X.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00049.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00042.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00041.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00047.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003Y.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003U.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0001\opr0003R.tmp binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003T.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003L.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003O.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003Q.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003S.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003I.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003N.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003J.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003K.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003P.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003V.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00033.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00037.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003H.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003C.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003F.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003A.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00036.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00038.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003E.tmp text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00032.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00035.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00034.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00039.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003G.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00030.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003B.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00031.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0003D.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002U.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002R.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002Y.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002W.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002L.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002S.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002V.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002P.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002Z.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002N.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002O.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002T.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002X.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002M.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002Q.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002H.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002E.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002J.tmp text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00028.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00029.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002I.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00057.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002A.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002C.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002D.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002G.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002B.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0002K.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00022.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001Y.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00020.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00025.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001X.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001U.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001Z.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00026.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00027.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001V.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00024.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00023.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00021.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001W.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001T.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001S.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\pstorage\00\1F\00000000 text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\pstorage\00\1F\opr6A1D.tmp ––
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr6876.tmp ––
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\pstorage\psindex.dat xml
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\pstorage\opr6307.tmp ––
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\pstorage\00\1F\00000000 text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\pstorage\00\1F\opr62F6.tmp ––
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001Q.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001R.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001O.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001P.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001N.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001L.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001M.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001I.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001J.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001K.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001H.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001K.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001J.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001I.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001G.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001F.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001E.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\78922692-3601-de42-ac06-e30a85bf5633.png image
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001D.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001C.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\assoc002\sesn\opr0001B.000 ttf
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001B.tmp woff
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\assoc002\sesn\opr0001A.000 ttf
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0001A.tmp woff
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00019.tmp woff
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\assoc002\sesn\opr00019.000 ttf
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00018.tmp woff
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\assoc002\sesn\opr00018.000 ttf
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat text
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00017.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\db8a2a05-cf67-924d-aebe-4f3590c88d40.png image
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0000\opr00013.tmp html
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00015.tmp html
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0000\opr00014.tmp html
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00012.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0000\opr00011.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0000\opr00016.tmp image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0000\opr0000Z.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr523C.tmp ––
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\78922692-3601-de42-ac06-e30a85bf5633.png image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\db8a2a05-cf67-924d-aebe-4f3590c88d40.png image
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\g_0000\opr0000Y.tmp compressed
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr4664.tmp ––
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprD71.tmp ––
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprFDDF.tmp ––
2996 opera.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF20faa0.TMP binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\358MFZFREC7IO4JTASI2.temp ––
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000X.tmp html
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000W.tmp html
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat binary
2996 opera.exe C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000V.tmp xml
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat binary
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml xml
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\oprEF29.tmp ––
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win text
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprEED8.tmp ––
2996 opera.exe C:\Users\admin\AppData\Roaming\Opera\Opera\oprEED9.tmp ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
122
TCP/UDP connections
215
DNS requests
43
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2996 opera.exe GET 302 162.255.119.170:80 http://wintercold.info/ US
html
unknown
2996 opera.exe GET 400 185.26.182.93:80 http://sitecheck2.opera.com/?host=wintercold.info&hdn=XTDyhh/ssmaokQ1oX8sR%2Bw== unknown
html
whitelisted
2996 opera.exe GET 200 66.225.197.197:80 http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl US
der
whitelisted
2996 opera.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAOXQPQlVpLtFek%2BmcpabOk%3D US
der
whitelisted
2996 opera.exe GET 200 198.54.117.211:80 http://www.wintercold.info/ US
html
malicious
2996 opera.exe GET 200 13.32.223.230:80 http://i.cdnpark.com/themes/registrar/style_namecheap.css US
text
whitelisted
2996 opera.exe GET 200 13.32.223.230:80 http://i.cdnpark.com/themes/assets/style.css US
text
whitelisted
2996 opera.exe GET 200 185.53.179.29:80 http://parkingcrew.net/jsparkcaf.php?regcn=243142&_v=2&_h=www.wintercold.info&_t=1549875181650 DE
html
malicious
2996 opera.exe GET 200 172.217.18.100:80 http://www.google.com/adsense/domains/caf.js US
text
whitelisted
2996 opera.exe GET 200 13.32.223.230:80 http://i.cdnpark.com/themes/registrar/images/logo_namecheap.png US
image
whitelisted
2996 opera.exe GET 200 185.53.178.30:80 http://js.parkingcrew.net/assets/scripts/jsparkcaf.js DE
text
suspicious
2996 opera.exe GET 200 185.53.178.30:80 http://js.parkingcrew.net/track.php?domain=wintercold.info&toggle=browserjs&uid=MTU0OTg3NTIwMi43NzY1OjEzNDRhYjNiNTUxNGIyNmRmNWJkMjlhZjkxMjJkOWU0NGNiMTg5MWYxMTFjNTUyMzE0YWFlYjhkN2VkNWVmOWI6NWM2MTM4MDJiZDk0MQ%3D%3D DE
binary
suspicious
2996 opera.exe GET 200 185.53.178.30:80 http://js.parkingcrew.net/assets/scripts/registrar-caf/243142.js DE
text
suspicious
2996 opera.exe GET –– 198.54.117.211:80 http://www.wintercold.info/favicon.ico US
––
––
malicious
2996 opera.exe GET 200 172.217.18.100:80 http://www.google.com/afs/ads/i/iframe.html US
html
whitelisted
2996 opera.exe GET 200 172.217.18.100:80 http://www.google.com/dp/ads?max_radlink_len=40&r=m&client=dp-teaminternet09_3ph&channel=bucket044&hl=en&adtest=off&type=3&pcsa=false&optimize_terms=on&swp=as-drid-2744431292869648&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r10%7Cs&num=0&output=afd_ads&domain_name=www.wintercold.info&v=3&adext=as1%2Csr1&bsl=8&u_his=1&u_tz=0&dt=1549875203215&u_w=1280&u_h=720&biw=1280&bih=591&psw=1280&psh=309&frm=0&uio=ff2sa16fa2sl1sr1-st22sa14lt33-&jsv=10510&rurl=http%3A%2F%2Fwww.wintercold.info%2F US
html
whitelisted
2996 opera.exe GET 200 172.217.18.113:80 http://survey.g.doubleclick.net/async_survey?site=kv4ic6olrzkr6 US
text
whitelisted
2996 opera.exe GET 200 216.58.207.67:80 http://www.gstatic.com/domainads/tracking/caf.gif?ts=1549875203212&rid=5278498 US
image
whitelisted
2996 opera.exe GET 200 172.217.18.113:80 http://survey.g.doubleclick.net/insights/consumersurveys/static/415984757911223668/prompt_embed_static.js US
text
whitelisted
2996 opera.exe GET 200 185.53.178.30:80 http://js.parkingcrew.net/track.php?domain=wintercold.info&caf=1&toggle=answercheck&answer=yes&uid=MTU0OTg3NTIwMi43NzY1OjEzNDRhYjNiNTUxNGIyNmRmNWJkMjlhZjkxMjJkOWU0NGNiMTg5MWYxMTFjNTUyMzE0YWFlYjhkN2VkNWVmOWI6NWM2MTM4MDJiZDk0MQ%3D%3D DE
binary
suspicious
2996 opera.exe GET –– 198.54.117.211:80 http://www.wintercold.info/favicon.ico US
––
––
malicious
2996 opera.exe GET 200 172.217.16.161:80 http://afs.googleusercontent.com/dp-teaminternet/arr_de3723.png US
image
shared
2996 opera.exe GET 200 172.217.16.131:80 http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCHVBcORwbOiu US
der
whitelisted
2996 opera.exe GET 200 172.217.16.131:80 http://crl.pki.goog/gsr2/gsr2.crl US
der
whitelisted
2996 opera.exe GET 200 172.217.16.131:80 http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCDJJsUy%2F0gFW US
der
whitelisted
2996 opera.exe GET 200 172.217.16.131:80 http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCF1I5hik%2FNoa US
der
whitelisted
2996 opera.exe GET 200 172.217.18.113:80 http://survey.g.doubleclick.net/gk/prompt?t=a&site=kv4ic6olrzkr6&random=1549875203827&ref&token=NT US
binary
whitelisted
2996 opera.exe GET –– 198.54.117.211:80 http://www.wintercold.info/favicon.ico US
––
––
malicious
2996 opera.exe GET –– 198.54.117.211:80 http://www.wintercold.info/favicon.ico US
––
––
malicious
2996 opera.exe GET –– 198.54.117.211:80 http://www.wintercold.info/favicon.ico US
––
––
malicious
2996 opera.exe GET 302 185.26.182.110:80 http://redir.opera.com/speeddials/booking.com unknown
––
––
whitelisted
2996 opera.exe GET 302 185.26.182.110:80 http://redir.opera.com/speeddials/amazon/ unknown
––
––
whitelisted
2996 opera.exe GET 302 185.26.182.110:80 http://redir.opera.com/speeddials/shopping/de unknown
––
––
whitelisted
2996 opera.exe GET 302 185.26.182.110:80 http://redir.opera.com/speeddials/previews/booking/uk unknown
––
––
whitelisted
2996 opera.exe GET 302 185.26.182.110:80 http://redir.opera.com/speeddials/previews/shopping/de unknown
––
––
whitelisted
2996 opera.exe GET 301 13.32.217.242:80 http://www.amazon.co.uk/?tag=opspeeddial-21 US
html
whitelisted
2996 opera.exe GET 200 185.26.182.110:80 http://redir.opera.com/previews/shopping/de/index.html unknown
html
whitelisted
2996 opera.exe GET 200 185.26.182.110:80 http://redir.opera.com/previews/booking/uk/index.html unknown
html
whitelisted
2996 opera.exe GET 200 185.26.182.110:80 http://redir.opera.com/previews/booking/uk/sd.png unknown
binary
whitelisted
2996 opera.exe GET 200 185.26.182.110:80 http://redir.opera.com/favicon.ico unknown
image
whitelisted
2996 opera.exe GET 200 185.26.182.110:80 http://redir.opera.com/previews/booking/uk/icon.png unknown
binary
whitelisted
2996 opera.exe GET 200 185.26.182.110:80 http://redir.opera.com/previews/shopping/de/large.png unknown
binary
whitelisted
2996 opera.exe GET 200 185.26.182.110:80 http://redir.opera.com/previews/shopping/de/medium.png unknown
binary
whitelisted
2996 opera.exe GET 200 66.225.197.197:80 http://crl4.digicert.com/DigiCertGlobalRootG2.crl US
der
whitelisted
2996 opera.exe GET 200 93.184.220.29:80 http://s.symcb.com/pca3-g5.crl US
der
whitelisted
2996 opera.exe GET 200 13.32.222.176:80 http://crl.rootg2.amazontrust.com/rootg2.crl US
der
whitelisted
2996 opera.exe GET 200 13.32.222.193:80 http://s.ss2.us/r.crl US
der
whitelisted
2996 opera.exe GET 200 13.32.222.46:80 http://crl.rootca1.amazontrust.com/rootca1.crl US
der
whitelisted
2996 opera.exe GET 200 13.32.222.162:80 http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAnjJftXxKNryFeFVHpOfwQ%3D US
der
whitelisted
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/ RU
html
unknown
2996 opera.exe GET 200 172.217.16.131:80 http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCCnPI9sx8Pi2 US
der
whitelisted
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_zt_visitor_counter/assets/css/zt_visitor_counter.css RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/logo-mob.png RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_sj_flat_menu/assets/images/icon_active.png RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/thumbnails/images/NEWS/220119-fill-342x191.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/banners/kad_inj.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es-icon06.png RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es_icon16.png RU
––
––
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/eecf7d70e497e08bfb44f3b55eba5101.jpg RU
image
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/thumbnails/images/NEWS/IMG_7602-fill-342x257.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/templates/protostar/favicon.ico RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/templates/protostar/css/template.css?7adfc5451d3bf8e24c7fb6dd6ff4ed18 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/plugins/content/jllike/js/buttons.js?5 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_sj_flat_menu/assets/css/styles-responsive.css RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/templates/protostar/js/template.js?7adfc5451d3bf8e24c7fb6dd6ff4ed18 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_zt_visitor_counter/assets/style/-1.css RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/ban01.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/media/plg_content_mavikthumbnails/magnific/magnific-popup.css RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/media/jui/js/jquery-migrate.min.js?7adfc5451d3bf8e24c7fb6dd6ff4ed18 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/media/jui/js/bootstrap.min.js?7adfc5451d3bf8e24c7fb6dd6ff4ed18 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/thumbnails/images/NEWS/adm_zdanie-fill-342x227.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_news_pro_gk5/tmpl/portal_modes/bikestore_slider/style.css RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_sj_flat_menu/assets/css/styles.css RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/media/system/js/caption.js?7adfc5451d3bf8e24c7fb6dd6ff4ed18 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_news_pro_gk5/tmpl/portal_modes/bikestore_slider/script.jquery.js RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/plugins/content/jllike/js/buttons.css?2 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es_icon18.png RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_zt_visitor_counter/assets/digit/-1.css RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/media/jui/js/jquery-noconflict.js?7adfc5451d3bf8e24c7fb6dd6ff4ed18 RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/media/plg_content_mavikthumbnails/magnific/jquery.magnific-popup.min.js RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/thumbnails/images/NEWS/zaglushki/1-fill-342x227.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/6f60d5b776bbf0f43cb78d5172479232.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/media/jui/js/jquery.min.js?7adfc5451d3bf8e24c7fb6dd6ff4ed18 RU
––
––
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/media/plg_content_mavikthumbnails/js/hover.js RU
text
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es-icon03.png RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/banners/rab_grup.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/banners/zak.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es-icon02.png RU
––
––
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/banners/RR.png RU
image
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/mfc_logo.png RU
image
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es-icon04.png RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/banners/el_priem.png RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/banners/mosh.jpg RU
––
––
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es-icon01.png RU
––
––
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/geo_logo.png RU
image
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/657ff96cd6_banner.jpg RU
image
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/images/icon/es_icon19.png RU
––
––
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/eecf7d70e497e08bfb44f3b55eba5101.jpg RU
image
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/es_icon16.png RU
image
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/geo_logo.png RU
image
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/es-icon06.png RU
image
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/icon/es-icon04.png RU
image
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/media/jui/fonts/IcoMoon.woff RU
woff
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/images/banners/kad_inj.jpg RU
image
unknown
2996 opera.exe GET 200 172.217.23.142:80 http://www.google-analytics.com/analytics.js US
text
whitelisted
2996 opera.exe GET 200 172.217.23.142:80 http://www.google-analytics.com/r/collect?v=1&_v=j73&a=1565207364&t=pageview&_s=1&dl=http%3A%2F%2Fstavreg.ru%2F&ul=en&de=utf-8&dt=%D0%A3%D0%BF%D1%80%D0%B0%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%A0%D0%BE%D1%81%D1%80%D0%B5%D0%B5%D1%81%D1%82%D1%80%D0%B0%20%D0%BF%D0%BE%20%D0%A1%D1%82%D0%B0%D0%B2%D1%80%D0%BE%D0%BF%D0%BE%D0%BB%D1%8C%D1%81%D0%BA%D0%BE%D0%BC%D1%83%20%D0%BA%D1%80%D0%B0%D1%8E%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20%D1%81%D1%82%D1%80%D0%B0%D0%BD%D0%B8%D1%86%D0%B0&sd=32-bit&sr=1280x720&vp=1264x591&je=1&fl=26.0%20r0&_u=IEBAAEQ~&jid=2069235037&gjid=1208453625&cid=1094013135.1549875226&tid=UA-68213879-1&_gid=857810374.1549875226&_r=1&z=1108026711 US
image
whitelisted
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/modules/mod_zt_visitor_counter/assets/style/default.png RU
––
––
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/modules/mod_news_pro_gk5/interface/images/bikestore_slider_interface.png RU
image
unknown
2996 opera.exe GET –– 77.39.8.33:80 http://stavreg.ru/nullhttp%3A%2F%2Fstavreg.ru%2Findex.php%2Fpress-sluzhba%2Fnovosti%2F1043-rabota-komissii-po-rassmotreniyu-sporov-o-rezultatah-opredeleniya-kadastrovoy-stoimosti-19?callback=jQuery11240492500529921707_1549875221755&_=1549875221756 RU
––
––
unknown
2996 opera.exe GET 403 77.39.8.33:80 http://stavreg.ru/nullhttp%3A%2F%2Fstavreg.ru%2Findex.php%2Fpress-sluzhba%2Fnovosti%2F1040-o-neobhodimosti-vneseniya-v-egrn-svedeniy-o-granicah-naselennyh-punktov-5?callback=jQuery11240492500529921707_1549875221785&_=1549875221786 RU
xml
unknown
2996 opera.exe GET 200 77.39.8.33:80 http://stavreg.ru/nullhttp%3A%2F%2Fstavreg.ru%2Findex.php%2Fpress-sluzhba%2Fnovosti%2F1041-rezultaty-osuschestvleniya-gosudarstvennogo-zemelnogo-nadzora-v-2018-godu?callback=jQuery11240492500529921707_1549875221775&_=1549875221776 RU
image
unknown
2996 opera.exe POST 200 77.39.8.33:80 http://stavreg.ru/plugins/content/jllike/models/ajax.php RU
text
binary
unknown
2996 opera.exe GET 403 77.39.8.33:80 http://stavreg.ru/nullhttp%3A%2F%2Fstavreg.ru%2Findex.php%2Fpress-sluzhba%2Fnovosti%2F1042-ob-izmeneniyah-v-zakone-o-sadovodstve-i-ogorodnichestve?callback=jQuery11240492500529921707_1549875221765&_=1549875221766 RU
xml
unknown
2996 opera.exe POST 200 77.39.8.33:80 http://stavreg.ru/plugins/content/jllike/models/ajax.php RU
text
binary
unknown
2996 opera.exe POST 200 77.39.8.33:80 http://stavreg.ru/plugins/content/jllike/models/ajax.php RU
text
binary
unknown
2996 opera.exe POST 200 77.39.8.33:80 http://stavreg.ru/plugins/content/jllike/models/ajax.php RU
text
binary
unknown
2996 opera.exe GET 200 104.18.20.226:80 http://crl.globalsign.net/root.crl US
der
whitelisted
2996 opera.exe GET 200 93.184.220.29:80 http://crl3.digicert.com/DigiCertGlobalRootCA.crl US
der
whitelisted
2996 opera.exe GET 200 104.18.20.226:80 http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDDyctXofSIyNofdpTg%3D%3D US
der
whitelisted
2996 opera.exe GET 200 93.184.220.29:80 http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEA9Fw%2BeisXO35WtYpu%2BqoDw%3D US
der
whitelisted
2996 opera.exe GET 200 93.184.220.29:80 http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAoNiMJEWdlALdH24voK6OQ%3D US
der
whitelisted
2996 opera.exe GET 200 93.184.220.29:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAgKV2C1I4lhigT5Rmn1HnM%3D US
der
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2996 opera.exe 162.255.119.170:80 Namecheap, Inc. US unknown
2996 opera.exe 82.145.215.40:443 Opera Software AS –– whitelisted
2996 opera.exe 185.26.182.93:80 Opera Software AS –– unknown
2996 opera.exe 66.225.197.197:80 CacheNetworks, Inc. US whitelisted
2996 opera.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2996 opera.exe 198.54.117.211:80 Namecheap, Inc. US malicious
2996 opera.exe 13.32.223.230:80 Amazon.com, Inc. US unknown
2996 opera.exe 185.53.179.29:80 Team Internet AG DE malicious
2996 opera.exe 172.217.18.100:80 Google Inc. US whitelisted
2996 opera.exe 185.53.178.30:80 Team Internet AG DE suspicious
2996 opera.exe 216.58.207.67:80 Google Inc. US whitelisted
2996 opera.exe 172.217.18.113:80 Google Inc. US unknown
2996 opera.exe 216.58.207.66:443 Google Inc. US whitelisted
2996 opera.exe 172.217.18.100:443 Google Inc. US whitelisted
2996 opera.exe 172.217.16.161:80 Google Inc. US whitelisted
2996 opera.exe 172.217.16.131:80 Google Inc. US whitelisted
2996 opera.exe 185.26.182.110:80 Opera Software AS –– unknown
2996 opera.exe 13.32.217.242:80 Amazon.com, Inc. US unknown
2996 opera.exe 13.32.217.242:443 Amazon.com, Inc. US unknown
2996 opera.exe 143.204.6.192:443 US unknown
2996 opera.exe 52.31.0.178:443 Amazon.com, Inc. IE unknown
2996 opera.exe 13.32.222.176:80 Amazon.com, Inc. US whitelisted
2996 opera.exe 13.32.222.193:80 Amazon.com, Inc. US unknown
2996 opera.exe 13.32.222.46:80 Amazon.com, Inc. US whitelisted
2996 opera.exe 13.32.222.162:80 Amazon.com, Inc. US whitelisted
2996 opera.exe 77.39.8.33:80 PJSC Rostelecom RU unknown
2996 opera.exe 52.94.218.7:443 Amazon.com, Inc. IE whitelisted
2996 opera.exe 216.58.208.42:443 Google Inc. US whitelisted
2996 opera.exe 54.239.36.249:443 Amazon.com, Inc. IE unknown
2996 opera.exe 172.217.23.142:80 Google Inc. US whitelisted
2996 opera.exe 31.13.90.2:443 Facebook, Inc. IE whitelisted
2996 opera.exe 87.240.131.132:443 VKontakte Ltd RU unknown
2996 opera.exe 94.100.180.55:443 Limited liability company Mail.Ru RU unknown
2996 opera.exe 217.20.147.3:443 Limited liability company Mail.Ru RU unknown
2996 opera.exe 87.240.190.67:443 VKontakte Ltd RU unknown
2996 opera.exe 217.20.155.208:443 Limited liability company Mail.Ru RU unknown
2996 opera.exe 104.18.20.226:80 Cloudflare Inc US shared
2996 opera.exe 104.18.21.226:80 Cloudflare Inc US shared
–– –– 54.229.26.125:443 Amazon.com, Inc. IE unknown
–– –– 52.95.117.163:443 Amazon.com, Inc. IE unknown

DNS requests

Domain IP Reputation
wintercold.info 162.255.119.170
unknown
sitecheck2.opera.com 185.26.182.93
185.26.182.94
185.26.182.111
185.26.182.112
whitelisted
certs.opera.com 82.145.215.40
whitelisted
crl4.digicert.com 66.225.197.197
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
www.wintercold.info 198.54.117.211
198.54.117.217
198.54.117.212
198.54.117.218
198.54.117.216
198.54.117.215
198.54.117.210
unknown
parkingcrew.net 185.53.179.29
malicious
i.cdnpark.com 13.32.223.230
13.32.223.242
13.32.223.103
13.32.223.57
whitelisted
dns.msftncsi.com 131.107.255.255
whitelisted
www.google.com 172.217.18.100
whitelisted
js.parkingcrew.net 185.53.178.30
suspicious
www.gstatic.com 216.58.207.67
whitelisted
survey.g.doubleclick.net 172.217.18.113
whitelisted
adservice.google.com 216.58.207.66
whitelisted
adservice.google.co.uk 216.58.207.66
whitelisted
afs.googleusercontent.com 172.217.16.161
shared
ocsp.pki.goog 172.217.16.131
whitelisted
crl.pki.goog 172.217.16.131
whitelisted
redir.opera.com 185.26.182.110
185.26.182.109
whitelisted
www.amazon.co.uk 13.32.217.242
whitelisted
s.symcb.com 93.184.220.29
whitelisted
images-eu.ssl-images-amazon.com 143.204.6.192
unknown
m.media-amazon.com 143.204.6.192
unknown
fls-eu.amazon.co.uk 52.31.0.178
54.229.26.125
34.242.8.199
34.241.83.133
52.211.85.75
52.209.42.106
34.242.237.183
54.246.129.158
whitelisted
s.ss2.us 13.32.222.193
13.32.222.55
13.32.222.60
13.32.222.126
whitelisted
crl.rootg2.amazontrust.com 13.32.222.176
13.32.222.46
13.32.222.70
13.32.222.111
whitelisted
crl.rootca1.amazontrust.com 13.32.222.46
13.32.222.111
13.32.222.176
13.32.222.70
whitelisted
ocsp.sca1b.amazontrust.com 13.32.222.162
13.32.222.146
13.32.222.181
13.32.222.139
whitelisted
aax-eu.amazon-adsystem.com 52.94.218.7
whitelisted
stavreg.ru 77.39.8.33
unknown
fonts.googleapis.com 216.58.208.42
whitelisted
unagi-eu.amazon.com 54.239.36.249
whitelisted
www.google-analytics.com 172.217.23.142
whitelisted
graph.facebook.com 31.13.90.2
whitelisted
vk.com 87.240.131.132
87.240.190.67
87.240.129.71
87.240.180.136
87.240.129.133
whitelisted
connect.ok.ru 217.20.147.3
217.20.155.208
217.20.152.207
whitelisted
connect.mail.ru 94.100.180.55
whitelisted
ocsp2.globalsign.com 104.18.20.226
104.18.21.226
whitelisted
crl.globalsign.net 104.18.20.226
104.18.21.226
whitelisted
crl3.digicert.com 93.184.220.29
whitelisted
status.geotrust.com 93.184.220.29
whitelisted
coin-eu.amazonpay.com 52.95.117.163
unknown

Threats

No threats detected.

Debug output strings

No debug info.