URL:

https://kiddions-modmenu.com/de.html

Full analysis: https://app.any.run/tasks/c7bc960d-db28-427c-bcdc-af15bb3b512b
Verdict: Malicious activity
Threats:

Stealers are a class of malicious software designed to gain unauthorized access to users’ information and transfer it to the attacker. The category includes various types of programs, each focused on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: September 13, 2025, 21:52:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
obfuscated-js
websocket
evasion
stealer
opera
tool
anti-evasion
Indicators:
MD5:

C0B8AFF640056B256DC4CF86A0AB5F6F

SHA1:

0A6AECCBEE272EAB72CFA4A0C44D42727A40ADA1

SHA256:

A6B2CCEFE4C12888D00F439D31F00BDF1134E596521B7499CC617BEC15265921

SSDEEP:

3:N8J3XIK/LxLLD0:2ZI4LQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • setup.exe (PID: 8752)
      • opera_crashreporter.exe (PID: 2384)
      • opera_crashreporter.exe (PID: 9032)
      • opera.exe (PID: 6240)
      • opera_crashreporter.exe (PID: 2028)
      • browser_assistant.exe (PID: 2280)
      • opera.exe (PID: 7160)
      • opera.exe (PID: 8276)
      • opera_autoupdate.exe (PID: 9820)
      • opera_autoupdate.exe (PID: 7976)
    • Steals credentials from Web Browsers

      • setup.exe (PID: 8752)
      • setup.exe (PID: 5684)
      • assistant_installer.exe (PID: 3148)
      • assistant_installer.exe (PID: 6388)
      • setup.exe (PID: 7660)
      • setup.exe (PID: 7348)
      • installer.exe (PID: 4476)
      • assistant_installer.exe (PID: 5464)
      • installer.exe (PID: 6260)
      • assistant_installer.exe (PID: 2304)
      • assistant_installer.exe (PID: 8952)
      • assistant_installer.exe (PID: 4448)
      • opera_crashreporter.exe (PID: 9032)
      • opera.exe (PID: 6012)
      • opera_crashreporter.exe (PID: 2384)
      • opera.exe (PID: 6240)
      • opera_crashreporter.exe (PID: 2028)
      • opera.exe (PID: 6936)
      • opera.exe (PID: 7236)
      • opera_crashreporter.exe (PID: 8872)
      • opera_crashreporter.exe (PID: 6676)
      • browser_assistant.exe (PID: 2280)
      • browser_assistant.exe (PID: 8348)
      • opera.exe (PID: 1868)
      • opera_crashreporter.exe (PID: 7000)
      • opera_crashreporter.exe (PID: 7536)
      • opera.exe (PID: 7436)
      • opera.exe (PID: 7160)
      • opera.exe (PID: 8276)
      • installer.exe (PID: 9788)
      • installer.exe (PID: 10084)
      • opera_autoupdate.exe (PID: 10104)
      • opera_autoupdate.exe (PID: 10116)
      • opera_autoupdate.exe (PID: 7976)
      • opera_autoupdate.exe (PID: 9820)
    • Changes the autorun value in the registry

      • assistant_installer.exe (PID: 5464)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
  • SUSPICIOUS

    • Checks for external IP

      • svchost.exe (PID: 2200)
    • Executable content was dropped or overwritten

      • OperaSetup.exe (PID: 4032)
      • setup.exe (PID: 5684)
      • setup.exe (PID: 8752)
      • setup.exe (PID: 2040)
      • Assistant_122.0.5643.17_Setup.exe_sfx.exe (PID: 7600)
      • setup.exe (PID: 7348)
      • setup.exe (PID: 7660)
      • installer.exe (PID: 4476)
      • installer.exe (PID: 6260)
      • assistant_installer.exe (PID: 5464)
      • installer.exe (PID: 9788)
      • installer.exe (PID: 10084)
      • opera_autoupdate.exe (PID: 10104)
      • installer.exe (PID: 9668)
    • Application launched itself

      • setup.exe (PID: 8752)
      • assistant_installer.exe (PID: 6388)
      • setup.exe (PID: 7348)
      • installer.exe (PID: 6260)
      • assistant_installer.exe (PID: 5464)
      • assistant_installer.exe (PID: 4448)
      • browser_assistant.exe (PID: 2280)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
      • opera_autoupdate.exe (PID: 10104)
      • installer.exe (PID: 9788)
      • opera_autoupdate.exe (PID: 7976)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 8752)
      • installer.exe (PID: 6260)
      • browser_assistant.exe (PID: 2280)
    • Starts itself from another location

      • setup.exe (PID: 8752)
      • assistant_installer.exe (PID: 5464)
    • Process drops legitimate windows executable

      • Assistant_122.0.5643.17_Setup.exe_sfx.exe (PID: 7600)
      • assistant_installer.exe (PID: 5464)
    • There is functionality for taking screenshot (YARA)

      • setup.exe (PID: 8752)
    • Searches for installed software

      • installer.exe (PID: 6260)
      • browser_assistant.exe (PID: 2280)
    • Creates a software uninstall entry

      • installer.exe (PID: 6260)
    • Reads the date of Windows installation

      • installer.exe (PID: 6260)
      • opera.exe (PID: 7160)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 7160)
    • The process checks if it is being run in the virtual environment

      • opera.exe (PID: 7160)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 10104)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 2680)
      • firefox.exe (PID: 4444)
      • firefox.exe (PID: 8948)
      • firefox.exe (PID: 2996)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 2680)
      • firefox.exe (PID: 2996)
    • Checks proxy server information

      • slui.exe (PID: 8688)
      • setup.exe (PID: 8752)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
      • browser_assistant.exe (PID: 2280)
      • opera_autoupdate.exe (PID: 7976)
      • opera_autoupdate.exe (PID: 10104)
    • Reads the software policy settings

      • slui.exe (PID: 8688)
      • setup.exe (PID: 8752)
      • installer.exe (PID: 6260)
      • browser_assistant.exe (PID: 2280)
    • Manual execution by a user

      • firefox.exe (PID: 8948)
    • Create files in a temporary directory

      • OperaSetup.exe (PID: 4032)
      • setup.exe (PID: 5684)
      • setup.exe (PID: 2040)
      • setup.exe (PID: 8752)
      • setup.exe (PID: 7348)
      • Assistant_122.0.5643.17_Setup.exe_sfx.exe (PID: 7600)
      • setup.exe (PID: 7660)
      • installer.exe (PID: 6260)
      • installer.exe (PID: 4476)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
      • installer.exe (PID: 9788)
      • installer.exe (PID: 10084)
      • opera_autoupdate.exe (PID: 10104)
      • installer.exe (PID: 9668)
    • Checks supported languages

      • setup.exe (PID: 8752)
      • OperaSetup.exe (PID: 4032)
      • setup.exe (PID: 5684)
      • setup.exe (PID: 2040)
      • assistant_installer.exe (PID: 6388)
      • assistant_installer.exe (PID: 3148)
      • setup.exe (PID: 7348)
      • Assistant_122.0.5643.17_Setup.exe_sfx.exe (PID: 7600)
      • setup.exe (PID: 7660)
      • installer.exe (PID: 4476)
      • installer.exe (PID: 6260)
      • assistant_installer.exe (PID: 2304)
      • assistant_installer.exe (PID: 5464)
      • assistant_installer.exe (PID: 4448)
      • assistant_installer.exe (PID: 8952)
      • opera.exe (PID: 6240)
      • browser_assistant.exe (PID: 2280)
      • opera.exe (PID: 6012)
      • opera_crashreporter.exe (PID: 9032)
      • opera_crashreporter.exe (PID: 2384)
      • browser_assistant.exe (PID: 8348)
      • opera.exe (PID: 6936)
      • opera.exe (PID: 5564)
      • opera.exe (PID: 6216)
      • opera_crashreporter.exe (PID: 2028)
      • opera.exe (PID: 6068)
      • opera.exe (PID: 7236)
      • opera.exe (PID: 1868)
      • opera_crashreporter.exe (PID: 8872)
      • opera_crashreporter.exe (PID: 6676)
      • opera.exe (PID: 7160)
      • opera_crashreporter.exe (PID: 7000)
      • opera.exe (PID: 7436)
      • opera.exe (PID: 8276)
      • opera.exe (PID: 7928)
      • opera.exe (PID: 8660)
      • opera.exe (PID: 9000)
      • opera.exe (PID: 8284)
      • opera.exe (PID: 8056)
      • opera.exe (PID: 8504)
      • opera.exe (PID: 1052)
      • opera.exe (PID: 8476)
      • opera.exe (PID: 5372)
      • opera.exe (PID: 3148)
      • opera_gx_splash.exe (PID: 7368)
      • opera.exe (PID: 3636)
      • opera.exe (PID: 3872)
      • opera.exe (PID: 7196)
      • opera.exe (PID: 7656)
      • opera.exe (PID: 8524)
      • opera.exe (PID: 7220)
      • opera.exe (PID: 5244)
      • opera.exe (PID: 2964)
      • opera.exe (PID: 6232)
      • opera.exe (PID: 1100)
      • opera.exe (PID: 4680)
      • opera.exe (PID: 3836)
      • opera.exe (PID: 9232)
      • opera.exe (PID: 3872)
      • opera.exe (PID: 9240)
      • opera.exe (PID: 1288)
      • opera.exe (PID: 9020)
      • opera.exe (PID: 2320)
      • opera.exe (PID: 4500)
      • opera.exe (PID: 6384)
      • opera.exe (PID: 8560)
      • opera.exe (PID: 9288)
      • opera.exe (PID: 9296)
      • opera.exe (PID: 7516)
      • opera.exe (PID: 9224)
      • opera.exe (PID: 9308)
      • opera.exe (PID: 10040)
      • opera.exe (PID: 7812)
      • opera.exe (PID: 9728)
      • opera.exe (PID: 9652)
      • opera.exe (PID: 9796)
      • opera.exe (PID: 9940)
      • opera_crashreporter.exe (PID: 7536)
      • opera.exe (PID: 9528)
      • installer.exe (PID: 9788)
      • opera_autoupdate.exe (PID: 10104)
      • opera_autoupdate.exe (PID: 10116)
      • installer.exe (PID: 10084)
      • opera_autoupdate.exe (PID: 9820)
      • opera.exe (PID: 7492)
      • opera.exe (PID: 9696)
      • opera.exe (PID: 10220)
      • opera.exe (PID: 5928)
      • opera.exe (PID: 8476)
      • opera.exe (PID: 9636)
      • opera_autoupdate.exe (PID: 7976)
      • opera.exe (PID: 9480)
      • opera.exe (PID: 9316)
      • opera.exe (PID: 9748)
      • opera.exe (PID: 5020)
      • opera.exe (PID: 9440)
      • opera.exe (PID: 1236)
      • opera.exe (PID: 8616)
      • opera.exe (PID: 7588)
      • opera.exe (PID: 9588)
      • opera.exe (PID: 9824)
      • opera.exe (PID: 8552)
      • installer.exe (PID: 9668)
    • The sample compiled with english language support

      • OperaSetup.exe (PID: 4032)
      • setup.exe (PID: 2040)
      • setup.exe (PID: 5684)
      • setup.exe (PID: 8752)
      • Assistant_122.0.5643.17_Setup.exe_sfx.exe (PID: 7600)
      • setup.exe (PID: 7348)
      • setup.exe (PID: 7660)
      • installer.exe (PID: 6260)
      • installer.exe (PID: 4476)
      • assistant_installer.exe (PID: 5464)
      • installer.exe (PID: 9788)
      • installer.exe (PID: 10084)
      • opera_autoupdate.exe (PID: 10104)
      • installer.exe (PID: 9668)
      • firefox.exe (PID: 2996)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 2996)
    • Reads the computer name

      • setup.exe (PID: 8752)
      • assistant_installer.exe (PID: 6388)
      • setup.exe (PID: 7348)
      • installer.exe (PID: 6260)
      • assistant_installer.exe (PID: 5464)
      • assistant_installer.exe (PID: 4448)
      • opera.exe (PID: 6240)
      • browser_assistant.exe (PID: 2280)
      • opera.exe (PID: 6012)
      • opera.exe (PID: 6936)
      • opera.exe (PID: 5564)
      • opera.exe (PID: 6216)
      • opera.exe (PID: 7160)
      • opera.exe (PID: 1868)
      • opera.exe (PID: 7436)
      • opera.exe (PID: 9000)
      • opera.exe (PID: 8276)
      • opera_gx_splash.exe (PID: 7368)
      • opera.exe (PID: 7236)
      • opera.exe (PID: 10040)
      • installer.exe (PID: 9788)
      • opera_autoupdate.exe (PID: 10104)
      • opera_autoupdate.exe (PID: 7976)
    • Creates files or folders in the user directory

      • setup.exe (PID: 5684)
      • setup.exe (PID: 8752)
      • setup.exe (PID: 7348)
      • installer.exe (PID: 6260)
      • assistant_installer.exe (PID: 5464)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
      • opera.exe (PID: 8276)
      • opera_autoupdate.exe (PID: 9820)
      • opera_autoupdate.exe (PID: 7976)
      • browser_assistant.exe (PID: 2280)
      • opera_autoupdate.exe (PID: 10104)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 8752)
      • installer.exe (PID: 6260)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
      • browser_assistant.exe (PID: 2280)
      • opera_autoupdate.exe (PID: 10104)
      • opera_autoupdate.exe (PID: 10116)
      • opera_autoupdate.exe (PID: 9820)
      • opera_autoupdate.exe (PID: 7976)
    • Launching a file from a Registry key

      • assistant_installer.exe (PID: 5464)
      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
    • Process checks computer location settings

      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
      • opera.exe (PID: 3148)
      • opera.exe (PID: 3872)
      • opera.exe (PID: 3636)
      • opera.exe (PID: 7196)
      • opera.exe (PID: 8524)
      • opera.exe (PID: 7656)
      • opera.exe (PID: 9288)
      • opera.exe (PID: 9296)
      • opera.exe (PID: 7812)
      • opera.exe (PID: 9528)
      • opera.exe (PID: 9940)
      • opera.exe (PID: 9636)
      • opera.exe (PID: 9480)
      • opera.exe (PID: 1236)
      • opera.exe (PID: 9588)
      • opera.exe (PID: 7588)
    • OPERA mutex has been found

      • opera.exe (PID: 6240)
      • opera.exe (PID: 7160)
      • browser_assistant.exe (PID: 2280)
      • opera_autoupdate.exe (PID: 7976)
      • opera_autoupdate.exe (PID: 10104)
No Malware configuration.
No data.
Total processes: 297
Monitored processes: 152
Malicious processes: 20
Suspicious processes: 17

Behavior graph

[Behavior graph not reproduced. Process nodes, in order of first appearance: firefox.exe, slui.exe, operasetup.exe, setup.exe, assistant_122.0.5643.17_setup.exe_sfx.exe, assistant_installer.exe, installer.exe, browser_assistant.exe, opera.exe, opera_crashreporter.exe, opera_gx_splash.exe, unsecapp.exe, opera_autoupdate.exe, svchost.exe]

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 1052
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-travel-intent=on --with-feature:address-bar-travel-intent-with-destination=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:history-redesign=off --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-content=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:suggestion-redirect-handler=on --with-feature:translator=on --with-feature:vpn-pro-v4-support=on --field-trial-handle=2028,i,14394574272287464038,71263441991781253,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera Internet Browser
Version: 122.0.5643.17
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\122.0.5643.17\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1100
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-travel-intent=on --with-feature:address-bar-travel-intent-with-destination=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:history-redesign=off --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-content=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:suggestion-redirect-handler=on --with-feature:translator=on --with-feature:vpn-pro-v4-support=on --field-trial-handle=2028,i,14394574272287464038,71263441991781253,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7788 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera Internet Browser
Exit code: 0
Version: 122.0.5643.17
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\122.0.5643.17\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1236
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-travel-intent=on --with-feature:address-bar-travel-intent-with-destination=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:history-redesign=off --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-content=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:suggestion-redirect-handler=on --with-feature:translator=on --with-feature:vpn-pro-v4-support=on --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=2028,i,14394574272287464038,71263441991781253,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=9952 /prefetch:1
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera Internet Browser
Exit code: 0
Version: 122.0.5643.17
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\122.0.5643.17\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1288
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-travel-intent=on --with-feature:address-bar-travel-intent-with-destination=on --with-feature:ai-tab-management=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:amazon-bookmarks-tags-update=on --with-feature:amp-requests-stats=on --with-feature:aria-in-tab-view=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:hide-navigations-from-extensions=on --with-feature:history-redesign=off --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-content=off --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:suggestion-redirect-handler=on --with-feature:translator=on --with-feature:vpn-pro-v4-support=on --field-trial-handle=2028,i,14394574272287464038,71263441991781253,262144 --enable-features=CertificateTransparencyAskBeforeEnabling --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7740 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera Internet Browser
Exit code: 0
Version: 122.0.5643.17
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\122.0.5643.17\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1868
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --stream
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
Parent process: browser_assistant.exe
User: admin
Company: Opera Software
Integrity Level: MEDIUM
Description: Opera Internet Browser
Exit code: 0
Version: 122.0.5643.17
Modules
Images
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1948
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6676 -prefsLen 39348 -prefMapHandle 6680 -prefMapSize 272997 -jsInitHandle 6684 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5096 -initialChannelId {51b47ba7-bba7-4dbb-b08b-7cf44135bd5b} -parentPid 2680 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2680" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1976
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3308 -prefsLen 31090 -prefMapHandle 3312 -prefMapSize 272997 -jsInitHandle 3316 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 3324 -initialChannelId {850c9b2f-ce5e-4be8-8c9c-6c7bf1183cc9} -parentPid 2680 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2680" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2028
C:\Users\admin\AppData\Local\Programs\Opera\122.0.5643.17\opera_crashreporter.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=122.0.5643.17 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ffc25b79aa0,0x7ffc25b79ab0,0x7ffc25b79ac0
C:\Users\admin\AppData\Local\Programs\Opera\122.0.5643.17\opera_crashreporter.exe
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera crash-reporter
Exit code:
0
Version:
122.0.5643.17
Modules
Images
c:\users\admin\appdata\local\programs\opera\122.0.5643.17\opera_crashreporter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2040
"C:\Users\admin\AppData\Local\Temp\.opera\76026cd6-f5da-4016-9277-9c3b5823ff67 Opera Installer Temp\setup.exe" --version
C:\Users\admin\AppData\Local\Temp\.opera\76026cd6-f5da-4016-9277-9c3b5823ff67 Opera Installer Temp\setup.exe
setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Installer
Exit code:
0
Version:
122.0.5643.17
Modules
Images
c:\users\admin\appdata\local\temp\.opera\76026cd6-f5da-4016-9277-9c3b5823ff67 opera installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2128
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5256 -prefsLen 39120 -prefMapHandle 5260 -prefMapSize 273089 -jsInitHandle 5264 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5220 -initialChannelId {fbe4c864-2582-4f87-8806-07cc33a69318} -parentPid 2996 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2996" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
Total events
66 670
Read events
65 652
Write events
1 005
Delete events
13

Modification events

(PID) Process: (2680) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (2996) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (2996) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (8752) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (8752) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (8752) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7348) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera\

(PID) Process: (6260) installer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera\

(PID) Process: (6260) installer.exe
Key: HKEY_CLASSES_ROOT\OperaStable
Operation: write
Name: FriendlyTypeName
Value: Opera Web Document

(PID) Process: (6260) installer.exe
Key: HKEY_CLASSES_ROOT\OperaStable
Operation: write
Name: URL Protocol
Value:

Executable files
41
Suspicious files
1 147
Text files
558
Unknown types
0

Dropped files

PID
Process
Filename
Type
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
binary
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm
binary
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
binary
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp
binary
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json
binary
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
text
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmp
binary
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\protections.sqlite-journal
binary
MD5:
SHA256:
2680
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm
binary
MD5:
SHA256:
HTTP(S) requests
137
TCP/UDP connections
396
DNS requests
595
Threats
48

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/s/wr3/vbw
unknown
whitelisted
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/we2
unknown
whitelisted
2680
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/we2
unknown
whitelisted
2680
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/we2
unknown
whitelisted
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/we2
unknown
whitelisted
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/we2
unknown
whitelisted
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/s/wr3/W6c
unknown
whitelisted
2680
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/s/wr3/W6c
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4456
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2680
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted
2680
firefox.exe
104.21.76.203:443
kiddions-modmenu.com
CLOUDFLARENET
unknown
4
System
192.168.100.255:138
whitelisted
2680
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
2680
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
2680
firefox.exe
216.58.206.35:80
o.pki.goog
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.212.174
whitelisted
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted
content-signature-chains.prod.autograph.services.mozaws.net
  • 34.160.144.191
  • 2600:1901:0:92a9::
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
kiddions-modmenu.com
  • 104.21.76.203
  • 172.67.200.181
  • 2606:4700:3033::6815:4ccb
  • 2606:4700:3034::ac43:c8b5
unknown
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted
mc.prod.ads.prod.webservices.mozgcp.net
  • 34.36.137.203
unknown
example.org
  • 23.215.0.132
  • 23.215.0.133
  • 23.220.75.238
  • 23.220.75.235
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image Sharing Service (imgur.com)
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
Not Suspicious Traffic
INFO [ANY.RUN] Websocket Upgrade Request
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Process
Message
setup.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe
[0913/215541.875:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:170] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\76026cd6-f5da-4016-9277-9c3b5823ff67 Opera Installer Temp\opera_package_202509132155301\assistant\assistant_installer.exe" --version
setup.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )
assistant_installer.exe
[0913/215601.378:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:170] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\76026cd6-f5da-4016-9277-9c3b5823ff67 Opera Installer Temp\opera_package_202509132155301\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
assistant_installer.exe
[0913/215601.447:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:303] Setting up the registry
assistant_installer.exe
[0913/215601.463:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:354] Creating scheduled task
assistant_installer.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable directory exists )