Malware analysis https://d2punpeg7vtjci.cloudfront.net/public/dynamo/lockerClick.php?offer=53283670&offer_position=1&it=3549396&m=0&visitor_id=Vdb0d0edbe9dd3&cpguid=dcmobrn6p&hash=fc14e13a40fe9b52e06b8834aa22d1f6 Malicious activity

Add for printing

URL:	https://d2punpeg7vtjci.cloudfront.net/public/dynamo/lockerClick.php?offer=53283670&offer_position=1&it=3549396&m=0&visitor_id=Vdb0d0edbe9dd3&cpguid=dcmobrn6p&hash=fc14e13a40fe9b52e06b8834aa22d1f6
Full analysis:	https://app.any.run/tasks/3c07b18a-65b7-438b-94dc-a80333ec6165
Verdict:	Malicious activity
Analysis date:	April 12, 2023, 09:28:34
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:	8BC738F16586C32E633F2248A350ED14
SHA1:	D2F903DFD9B2BBD396020DE5450069FD7C90D06B
SHA256:	BF36FF86E2AC1DA508AB18BD9DE736375D97538F5D5DEC473DF2BFE982C998D0
SSDEEP:	3:N8PVe5U+MVl/0/HJ7rvXzFNUvDGxWEc3UY9MlKX6AeuAcAQAnVDCDm2t5HfWlGn:2tfzM/HRXGqriUY9vBu/VrAWlG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (5.74)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (86.0.4240.198)
Google Chrome (86.0.4240.198)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 83.0 (x86 en-US) (83.0)
Mozilla Firefox 83.0 (x86 en-US) (83.0)
Mozilla Maintenance Service (83.0.0.7621)
Mozilla Maintenance Service (83.0.0.7621)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
Opera 12.15 (12.15.1748)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Skype version 8.29 (8.29)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 1908)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - OperaSetup.exe (PID: 1804)
  - OperaSetup.exe (PID: 2960)
  - Assistant_96.0.4693.50_Setup.exe_sfx.exe (PID: 3344)
  - assistant_installer.exe (PID: 3596)
  - assistant_installer.exe (PID: 3204)
  - opera.exe (PID: 2784)
  - opera.exe (PID: 4060)
  - launcher.exe (PID: 2520)
- Actions looks like stealing of personal data
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - OperaSetup.exe (PID: 1804)
  - OperaSetup.exe (PID: 2960)
  - assistant_installer.exe (PID: 3596)
  - assistant_installer.exe (PID: 3204)
  - installer.exe (PID: 2580)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
  - installer.exe (PID: 3292)
- Drops the executable file immediately after the start
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 1908)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - OperaSetup.exe (PID: 1804)
  - Assistant_96.0.4693.50_Setup.exe_sfx.exe (PID: 3344)
  - installer.exe (PID: 2580)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
  - installer.exe (PID: 3292)
  - OperaSetup.exe (PID: 2960)
- Loads dropped or rewritten executable
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 1908)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 2580)
SUSPICIOUS
- Application launched itself
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 1804)
  - assistant_installer.exe (PID: 3596)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
- Executable content was dropped or overwritten
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 1908)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - OperaSetup.exe (PID: 1804)
  - OperaSetup.exe (PID: 2960)
  - Assistant_96.0.4693.50_Setup.exe_sfx.exe (PID: 3344)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 2580)
  - installer.exe (PID: 3500)
  - installer.exe (PID: 3292)
- Searches for installed software
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 1804)
  - installer.exe (PID: 2072)
- Starts itself from another location
  - OperaSetup.exe (PID: 3740)
- Reads the Internet Settings
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 3156)
- Reads security settings of Internet Explorer
  - OperaSetup.exe (PID: 3740)
- Reads settings of System Certificates
  - OperaSetup.exe (PID: 3740)
- Checks Windows Trust Settings
  - OperaSetup.exe (PID: 3740)
INFO
- Application launched itself
  - iexplore.exe (PID: 908)
- The process uses the downloaded file
  - iexplore.exe (PID: 908)
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 3156)
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 908)
  - iexplore.exe (PID: 3284)
- Drops the executable file immediately after the start
  - iexplore.exe (PID: 3284)
  - iexplore.exe (PID: 908)
- Checks supported languages
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 1908)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - OperaSetup.exe (PID: 1804)
  - OperaSetup.exe (PID: 2960)
  - Assistant_96.0.4693.50_Setup.exe_sfx.exe (PID: 3344)
  - assistant_installer.exe (PID: 3596)
  - assistant_installer.exe (PID: 3204)
  - installer.exe (PID: 2580)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
  - installer.exe (PID: 3292)
  - launcher.exe (PID: 2520)
- Create files in a temporary directory
  - iexplore.exe (PID: 908)
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 1908)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - OperaSetup.exe (PID: 1804)
  - OperaSetup.exe (PID: 2960)
  - Assistant_96.0.4693.50_Setup.exe_sfx.exe (PID: 3344)
  - installer.exe (PID: 2580)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
  - installer.exe (PID: 3292)
  - opera.exe (PID: 2784)
- Reads the computer name
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 1804)
  - assistant_installer.exe (PID: 3596)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
  - launcher.exe (PID: 2520)
- Drops a file that was compiled in debug mode
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 1908)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 3556)
  - OperaSetup.exe (PID: 1804)
  - OperaSetup.exe (PID: 2960)
  - Assistant_96.0.4693.50_Setup.exe_sfx.exe (PID: 3344)
  - installer.exe (PID: 2580)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
  - installer.exe (PID: 3292)
- The process checks LSA protection
  - OperaSetup.exe (PID: 3740)
  - OperaSetup.exe (PID: 3156)
  - OperaSetup.exe (PID: 1804)
  - assistant_installer.exe (PID: 3596)
  - installer.exe (PID: 2072)
  - launcher.exe (PID: 2520)
  - installer.exe (PID: 3500)
- Creates files or folders in the user directory
  - OperaSetup.exe (PID: 1188)
  - OperaSetup.exe (PID: 3740)
  - installer.exe (PID: 2072)
- Checks proxy server information
  - OperaSetup.exe (PID: 3740)
- Loads dropped or rewritten executable
  - OperaSetup.exe (PID: 3740)
- Reads the machine GUID from the registry
  - OperaSetup.exe (PID: 3740)
  - installer.exe (PID: 2072)
  - installer.exe (PID: 3500)
- Manual execution by a user
  - opera.exe (PID: 2784)
- Creates files in the program directory
  - OperaSetup.exe (PID: 1804)
  - installer.exe (PID: 2072)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

908

"C:\Program Files\Internet Explorer\iexplore.exe" "https://d2punpeg7vtjci.cloudfront.net/public/dynamo/lockerClick.php?offer=53283670&offer_position=1&it=3549396&m=0&visitor_id=Vdb0d0edbe9dd3&cpguid=dcmobrn6p&hash=fc14e13a40fe9b52e06b8834aa22d1f6"

C:\Program Files\Internet Explorer\iexplore.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Internet Explorer

Exit code:

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

1188

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=97.0.4719.63 --initial-client-data=0x16c,0x170,0x174,0x140,0x178,0x6a5933e0,0x6a5933f0,0x6a5933fc

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe

OperaSetup.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Installer

Exit code:

Version:

97.0.4719.63

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\operasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1804

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe" --backend --initial-pid=3740 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=0 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230412103012" --session-guid=86d23dbc-4629-4cb5-ad90-1f24d3137c6b --server-tracking-blob=NTFjYzQ2Njc2ODhlNzIwMzI0Mjg3NzY2MzlkZDFmMzIyMmM4OTA3NjFjNTlhZGIyNzkzYThmZWY3MzYxZDdjNjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vbGVnYWN5LXRoYW5rcz9uaT1zdGFibGUmb3M9d2luZG93cyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fdHJ5YWdhaW49eWVzIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODYiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiNyIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE2ODEyOTE4MDkuMTM2MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgVHJpZGVudC83LjA7IHJ2OjExLjApIGxpa2UgR2Vja28iLCJ1dG0iOnsidHJ5YWdhaW4iOiJ5ZXMifSwidXVpZCI6IjFkY2NjMGYwLWM0ZTgtNDc4OC05Nzg1LTg3NzAyMmM3YzkzMSJ9 --desktopshortcut=1 --parent-pid=3156 --wait-for-package --run-elevated

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe

OperaSetup.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Installer

Exit code:

Version:

97.0.4719.63

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\operasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1908

"C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version

C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe

OperaSetup.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Installer

Exit code:

Version:

97.0.4719.63

Modules

Images
c:\users\admin\appdata\local\temp\.opera\opera installer temp\operasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll

2072

"C:\Program Files\Opera\95.0.4635.80\installer.exe" --backend --initial-pid=3740 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=0 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304121030121" --session-guid=86d23dbc-4629-4cb5-ad90-1f24d3137c6b --server-tracking-blob=NTFjYzQ2Njc2ODhlNzIwMzI0Mjg3NzY2MzlkZDFmMzIyMmM4OTA3NjFjNTlhZGIyNzkzYThmZWY3MzYxZDdjNjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vbGVnYWN5LXRoYW5rcz9uaT1zdGFibGUmb3M9d2luZG93cyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fdHJ5YWdhaW49eWVzIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODYiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiNyIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE2ODEyOTE4MDkuMTM2MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgVHJpZGVudC83LjA7IHJ2OjExLjApIGxpa2UgR2Vja28iLCJ1dG0iOnsidHJ5YWdhaW4iOiJ5ZXMifSwidXVpZCI6IjFkY2NjMGYwLWM0ZTgtNDc4OC05Nzg1LTg3NzAyMmM3YzkzMSJ9 --desktopshortcut=1 --install-subfolder=95.0.4635.80 --parent-pid=3156

C:\Program Files\Opera\95.0.4635.80\installer.exe

OperaSetup.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Installer

Exit code:

Version:

95.0.4635.80

Modules

Images
c:\program files\opera\95.0.4635.80\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll

2520

"C:\Program Files\Opera\launcher.exe" --new-tab

C:\Program Files\Opera\launcher.exe

—

installer.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.80

Modules

Images
c:\program files\opera\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

2580

"C:\Program Files\Opera\95.0.4635.80\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.80 --initial-client-data=0x16c,0x170,0x174,0x140,0x178,0x679fe428,0x679fe438,0x679fe444

C:\Program Files\Opera\95.0.4635.80\installer.exe

installer.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Installer

Exit code:

Version:

95.0.4635.80

Modules

Images
c:\program files\opera\95.0.4635.80\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll

2784

"C:\Program Files\Opera\opera.exe"

C:\Program Files\Opera\opera.exe

explorer.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Internet Browser

Exit code:

Version:

1748

Modules

Images
c:\program files\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gdi32.dll

2960

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe

OperaSetup.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Installer

Exit code:

Version:

97.0.4719.63

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\operasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

3156

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3740 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230412103012" --session-guid=86d23dbc-4629-4cb5-ad90-1f24d3137c6b --server-tracking-blob=NTFjYzQ2Njc2ODhlNzIwMzI0Mjg3NzY2MzlkZDFmMzIyMmM4OTA3NjFjNTlhZGIyNzkzYThmZWY3MzYxZDdjNjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vbGVnYWN5LXRoYW5rcz9uaT1zdGFibGUmb3M9d2luZG93cyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fdHJ5YWdhaW49eWVzIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODYiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiNyIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE2ODEyOTE4MDkuMTM2MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgVHJpZGVudC83LjA7IHJ2OjExLjApIGxpa2UgR2Vja28iLCJ1dG0iOnsidHJ5YWdhaW4iOiJ5ZXMifSwidXVpZCI6IjFkY2NjMGYwLWM0ZTgtNDc4OC05Nzg1LTg3NzAyMmM3YzkzMSJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=5406000000000000

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\OperaSetup.exe

OperaSetup.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Installer

Exit code:

Version:

97.0.4719.63

Modules

Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\operasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

Add for printing

Total events

61 092

Read events

60 468

Write events

598

Delete events

Modification events


(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPDaysSinceLastAutoMigration
Value: 0
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:	write	Name:	NTPLastLaunchHighDateTime
Value: 30847387
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:	write	Name:	NextCheckForUpdateHighDateTime
Value: 30847437
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(908) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

Suspicious files

168

Text files

794

Unknown types

108

Dropped files

PID	Process	Filename		Type
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62		binary
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\lockerClick[1].htm		html
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\IL7IQBWQ.txt		text
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894		binary
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8		binary
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30D802E0E248FEE17AAF4A62594CC75A		binary
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D		binary
		MD5:—	SHA256:—
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894		der
		MD5:7CECA430A42A7B562296E777850D9A59	SHA256:69136A40F067B783DE49C6E27E1C30C12CA37A5F28D23495812934884605723A
3284	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8		der
		MD5:D5125FF59BB40D49F4DEC8F736ECE33D	SHA256:B87741F7C1B28BB0225727D1E5E3FEC012BA22D4F659F6127E8A12CCA67A5963

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

280

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3284	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEA0WcKqJz0qvV5nHApP7qas%3D	US	der	314 b	whitelisted
3284	iexplore.exe	GET	200	172.64.155.188:80	http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEA9uAUFDljLnD1CR8PbHMzc%3D	US	der	471 b	whitelisted
3284	iexplore.exe	GET	200	13.32.47.54:80	http://crl.r2m01.amazontrust.com/r2m01.crl	US	binary	154 Kb	suspicious
3284	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D	US	der	471 b	whitelisted
3284	iexplore.exe	GET	200	104.18.32.68:80	http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	US	der	2.18 Kb	whitelisted
3284	iexplore.exe	GET	200	108.138.2.173:80	http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D	US	der	1.70 Kb	whitelisted
3284	iexplore.exe	GET	200	52.222.250.42:80	http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D	US	der	1.51 Kb	whitelisted
3284	iexplore.exe	GET	200	8.248.131.254:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8cb10c1ba2d5906b	US	compressed	4.70 Kb	whitelisted
908	iexplore.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D	US	der	1.47 Kb	whitelisted
3284	iexplore.exe	GET	200	91.199.212.52:80	http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt	GB	der	1.52 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
908	iexplore.exe	108.138.24.197:443	d2punpeg7vtjci.cloudfront.net	AMAZON-02	US	unknown
3284	iexplore.exe	34.91.234.242:443	blue.redredirector.com	GOOGLE-CLOUD-PLATFORM	NL	unknown
3284	iexplore.exe	91.199.212.52:80	crt.sectigo.com	Sectigo Limited	GB	suspicious
3284	iexplore.exe	104.18.32.68:80	ocsp.usertrust.com	CLOUDFLARENET	—	suspicious
3284	iexplore.exe	172.64.155.188:80	ocsp.usertrust.com	CLOUDFLARENET	US	suspicious
3284	iexplore.exe	52.70.250.63:443	www.getgx.net	AMAZON-AES	US	unknown
908	iexplore.exe	34.91.234.242:443	blue.redredirector.com	GOOGLE-CLOUD-PLATFORM	NL	unknown
3284	iexplore.exe	52.222.226.205:80	ocsp.r2m01.amazontrust.com	AMAZON-02	US	unknown
908	iexplore.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
908	iexplore.exe	2.23.209.185:443	www.bing.com	Akamai International B.V.	GB	whitelisted

DNS requests

Domain	IP	Reputation
api.bing.com	13.107.5.80	whitelisted
www.bing.com	2.23.209.135 2.23.209.185 2.23.209.133 2.23.209.130 2.23.209.189 2.23.209.176 2.23.209.179 2.23.209.182 2.23.209.193 2.23.209.149 2.23.209.187 2.23.209.140 2.16.187.147 2.16.187.27 2.16.187.138 2.16.187.146 2.16.187.9 2.16.187.154 2.16.187.137 2.16.187.160 2.16.187.19 2.16.187.67 2.16.187.42 2.16.187.113 2.16.187.48 2.16.187.106 2.16.187.115 2.16.187.98 2.16.187.122 2.16.187.97 2.16.187.136 2.16.187.10 2.16.187.26 2.16.187.66 2.16.187.91 2.16.187.64 2.16.187.59 2.16.187.43 2.16.187.50	whitelisted
ctldl.windowsupdate.com	8.248.131.254 8.248.119.254 8.248.137.254 8.238.30.254 8.238.190.126	whitelisted
o.ss2.us	108.138.2.173 108.138.2.195 108.138.2.10 108.138.2.107	whitelisted
ocsp.rootg2.amazontrust.com	52.222.250.42 52.222.250.185 52.222.250.112 52.222.250.174	whitelisted
ocsp.rootca1.amazontrust.com	18.66.200.23 18.66.200.204 18.66.200.39 18.66.200.130	shared
blue.redredirector.com	34.91.234.242 34.141.179.97	unknown
crt.sectigo.com	91.199.212.52	whitelisted
ocsp.usertrust.com	104.18.32.68 172.64.155.188	whitelisted
ocsp.sectigo.com	172.64.155.188 104.18.32.68	whitelisted

Threats

PID	Process	Class	Message
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure
2784	opera.exe	Potentially Bad Traffic	ET INFO TLS Handshake Failure

Add for printing

Process	Message
assistant_installer.exe	[0412/103204.217:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304121030121\assistant\assistant_installer.exe" --version
assistant_installer.exe	[0412/103204.217:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304121030121\assistant\assistant_installer.exe" --version

General Info

https://d2punpeg7vtjci.cloudfront.net/public/dynamo/lockerClick.php?offer=53283670&offer_position=1&it=3549396&m=0&visitor_id=Vdb0d0edbe9dd3&cpguid=dcmobrn6p&hash=fc14e13a40fe9b52e06b8834aa22d1f6

8BC738F16586C32E633F2248A350ED14

D2F903DFD9B2BBD396020DE5450069FD7C90D06B

BF36FF86E2AC1DA508AB18BD9DE736375D97538F5D5DEC473DF2BFE982C998D0

3:N8PVe5U+MVl/0/HJ7rvXzFNUvDGxWEc3UY9MlKX6AeuAcAQAnVDCDm2t5HfWlGn:2tfzM/HRXGqriUY9vBu/VrAWlG

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Actions looks like stealing of personal data

Drops the executable file immediately after the start

Loads dropped or rewritten executable

SUSPICIOUS

Application launched itself

Executable content was dropped or overwritten

Searches for installed software

Starts itself from another location

Reads the Internet Settings

Reads security settings of Internet Explorer

Reads settings of System Certificates

Checks Windows Trust Settings

INFO

Application launched itself

The process uses the downloaded file

Executable content was dropped or overwritten

Drops the executable file immediately after the start

Checks supported languages

Create files in a temporary directory

Reads the computer name

Drops a file that was compiled in debug mode

The process checks LSA protection

Creates files or folders in the user directory

Checks proxy server information

Loads dropped or rewritten executable

Reads the machine GUID from the registry

Manual execution by a user

Creates files in the program directory

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings