| Field | Value |
|---|---|
| URL | blooket-cheats.github.io |
| Full analysis | https://app.any.run/tasks/2c5395d6-d081-4e80-a1cd-d0cc91fd1130 |
| Verdict | Malicious activity |
| Threats | Stealers are a group of malicious software that are intended for gaining unauthorized access to users' information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date | February 22, 2026, 21:24:51 |
| OS | Windows 10 Professional (build: 19044, 64 bit) |
| Tags | |
| Indicators | |
| MD5 | 636DF9DA4F09D6ACE06B5D26B64DBE9F |
| SHA1 | 703A82E333CC97390EF388B0F958C3DF7C66D012 |
| SHA256 | D1AE71BA61CCC27548F7E24DA55D7C75D4B7849D356515A9BE47D757200B4E05 |
| SSDEEP | 3:zuzr4L:zugL |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 224 | "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:address-bar-intent-internal-matching=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:continue-shopping-structured-partners=on --with-feature:domain-suggestions-with-misspells=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --metrics-shmem-handle=8168,i,9602234746602294624,17590829063241982310,524288 --field-trial-handle=1924,i,11998324960676241153,16165068543788851272,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --trace-process-track-uuid=3190709013486085115 --mojo-platform-channel-handle=8140 /prefetch:8 | C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe | — | opera.exe | User: admin; Company: Opera Software; Integrity Level: LOW; Description: Opera GX Internet Browser; Exit code: 0; Version: 127.0.5778.75 |
| 1044 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3568,i,13454087140787406604,6670372871342503450,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3924 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 133.0.3065.92 |
| 1092 | "C:\Users\admin\AppData\Local\Programs\Opera GX\127.0.5778.75\opera_crashreporter.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=127.0.5778.75 --initial-client-data=0x204,0x208,0x20c,0x200,0x210,0x7ffd47570330,0x7ffd47570340,0x7ffd47570350 | C:\Users\admin\AppData\Local\Programs\Opera GX\127.0.5778.75\opera_crashreporter.exe | — | opera.exe | User: admin; Company: Opera Software; Integrity Level: MEDIUM; Description: Opera GX crash-reporter; Exit code: 0; Version: 127.0.5778.75 |
| 1172 | "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:address-bar-intent-internal-matching=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:continue-shopping-structured-partners=on --with-feature:domain-suggestions-with-misspells=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --metrics-shmem-handle=7840,i,12865080554309040629,14735414280224659642,524288 --field-trial-handle=1924,i,11998324960676241153,16165068543788851272,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --trace-process-track-uuid=3190709014423126964 --mojo-platform-channel-handle=7960 /prefetch:8 | C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe | — | opera.exe | User: admin; Company: Opera Software; Integrity Level: LOW; Description: Opera GX Internet Browser; Exit code: 0; Version: 127.0.5778.75 |
| 1492 | "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:address-bar-intent-internal-matching=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:continue-shopping-structured-partners=on --with-feature:domain-suggestions-with-misspells=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --metrics-shmem-handle=8584,i,7751414917887650582,10522740970839930445,524288 --field-trial-handle=1924,i,11998324960676241153,16165068543788851272,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --trace-process-track-uuid=3190709017234252511 --mojo-platform-channel-handle=8740 /prefetch:8 | C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe | — | opera.exe | User: admin; Company: Opera Software; Integrity Level: LOW; Description: Opera GX Internet Browser; Exit code: 0; Version: 127.0.5778.75 |
| 1584 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5356,i,13454087140787406604,6670372871342503450,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7188 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 133.0.3065.92 |
| 1676 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6692,i,13454087140787406604,6670372871342503450,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Edge; Exit code: 0; Version: 133.0.3065.92 |
| 1820 | "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:address-bar-intent-internal-matching=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:continue-shopping-structured-partners=on --with-feature:domain-suggestions-with-misspells=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --metrics-shmem-handle=6624,i,6847706033736069339,1136483577144537577,524288 --field-trial-handle=1924,i,11998324960676241153,16165068543788851272,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --trace-process-track-uuid=3190709011612001417 --mojo-platform-channel-handle=7776 /prefetch:8 | C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe | — | opera.exe | User: admin; Company: Opera Software; Integrity Level: LOW; Description: Opera GX Internet Browser; Exit code: 0; Version: 127.0.5778.75 |
| 1960 | "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --no-pre-read-main-dll --force-high-res-timeticks=disabled --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:address-bar-intent=on --with-feature:address-bar-intent-internal-matching=on --with-feature:ai-writing-mode-in-context-menu=on --with-feature:cashback-assistant=on --with-feature:certificate-transparency-enforcement=on --with-feature:continue-filter=on --with-feature:continue-shopping-structured-partners=on --with-feature:domain-suggestions-with-misspells=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:fun-voice-messages=on --with-feature:gx-post-mortem=on --with-feature:gx-streamlabs-promo-text=on --with-feature:hide-navigations-from-extensions=on --with-feature:image-search-support=on --with-feature:installer-experiment-test=off --with-feature:installer-move-opera-exe=off --with-feature:keywords-from-backend=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:universal-skip-button=on --with-feature:vpn-pro-v4-support=on --metrics-shmem-handle=7824,i,5870587397396044959,2680863887590613461,524288 --field-trial-handle=1924,i,11998324960676241153,16165068543788851272,262144 --enable-features=CertificateTransparencyAskBeforeEnabling,MultiThreadedUiCompositor --disable-features=AutoPictureInPictureForVideoPlayback,AutoPictureInPictureVideoHeuristics,CapitalOneCashbackProtection,MediaSessionEnterPictureInPicture,PlatformSoftwareH264EncoderInGpu,SyncWorkspacesInSessions --variations-seed-version --trace-process-track-uuid=3190709010674959568 --mojo-platform-channel-handle=7988 /prefetch:8 | C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe | — | opera.exe | User: admin; Company: Opera Software; Integrity Level: LOW; Description: Opera GX Internet Browser; Version: 127.0.5778.75 |
| 2036 | "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --stream | C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe | — | browser_assistant.exe | User: admin; Company: Opera Software; Integrity Level: MEDIUM; Description: Opera GX Internet Browser; Exit code: 0; Version: 127.0.5778.75 |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 2608 | setup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | |
| 2608 | setup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie: |
| 2608 | setup.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited: |
| 8696 | setup.exe | HKEY_CURRENT_USER\SOFTWARE\Opera Software | write | Last Opera GX Stable Install Path | C:\Users\admin\AppData\Local\Programs\Opera GX\ |
| 5632 | installer.exe | HKEY_CURRENT_USER\SOFTWARE\Opera Software | write | Last Opera GX Stable Install Path | C:\Users\admin\AppData\Local\Programs\Opera GX\ |
| 5632 | installer.exe | HKEY_CLASSES_ROOT\Opera GXStable | write | FriendlyTypeName | Opera GX Web Document |
| 5632 | installer.exe | HKEY_CLASSES_ROOT\Opera GXStable | write | URL Protocol | |
| 5632 | installer.exe | HKEY_CLASSES_ROOT\.gxanimations\OpenWithProgIDs | write | Opera GXStable | |
| 5632 | installer.exe | HKEY_CLASSES_ROOT\.opdownload\OpenWithProgIDs | write | Opera GXStable | |
| 5632 | installer.exe | HKEY_CLASSES_ROOT\.htm\OpenWithProgids | write | Opera GXStable | |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e50ec.TMP | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e50fc.TMP | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e50fc.TMP | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e50fc.TMP | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e50fc.TMP | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | — | — | — |
| 5088 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — | — | — |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 5752 | msedge.exe | GET | 200 | 150.171.27.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | US | binary | 446 b | whitelisted |
| 5752 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:oUuZm3NpIgCedQlriqr0tx4juMbi5k5-1q9o4BhylOU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | binary | 99 b | whitelisted |
| 5752 | msedge.exe | GET | 301 | 185.199.110.153:80 | http://blooket-cheats.github.io/ | US | binary | 162 b | unknown |
| 5752 | msedge.exe | GET | 200 | 104.18.22.222:443 | https://copilot.microsoft.com/c/api/user/eligibility | US | binary | 25 b | whitelisted |
| 5752 | msedge.exe | GET | 304 | 150.171.28.11:443 | https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist | US | — | — | whitelisted |
| 5752 | msedge.exe | GET | 200 | 185.199.110.153:443 | https://blooket-cheats.github.io/ | US | binary | 43.9 Kb | unknown |
| 5752 | msedge.exe | GET | 200 | 13.107.213.45:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | US | binary | 82 b | whitelisted |
| 5752 | msedge.exe | GET | 404 | 185.199.110.153:443 | https://blooket-cheats.github.io/favicon.ico | US | binary | 9.16 Kb | unknown |
| 5752 | msedge.exe | GET | 200 | 104.17.24.14:443 | https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css | US | binary | 99.6 Kb | unknown |
| 5752 | msedge.exe | GET | 200 | 184.86.251.10:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | NL | — | 665 Kb | whitelisted |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3344 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
| 5780 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 6768 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5752 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
| 5752 | msedge.exe | 52.123.243.177:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5752 | msedge.exe | 185.199.110.153:80 | blooket-cheats.github.io | FASTLY | US | whitelisted |
| 5752 | msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5752 | msedge.exe | 13.107.213.45:443 | api.edgeoffer.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | — | whitelisted |
| google.com | — | whitelisted |
| self.events.data.microsoft.com | — | whitelisted |
| edge.microsoft.com | — | whitelisted |
| config.edge.skype.com | — | whitelisted |
| blooket-cheats.github.io | — | unknown |
| api.edgeoffer.microsoft.com | — | whitelisted |
| copilot.microsoft.com | — | whitelisted |
| www.bing.com | — | whitelisted |
| cdnjs.cloudflare.com | — | whitelisted |
| PID | Process | Class | Message |
|---|---|---|---|
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 3344 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 5752 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
| Process | Message |
|---|---|
| setup.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists ) |
| setup.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists ) |
| assistant_installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists ) |
| assistant_installer.exe | [0222/162606.174:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:170] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\5e5f526b-181e-4d54-b897-7032316a4773 Opera GX Installer Temp\opera_package_202602221625551\assistant\assistant_installer.exe" --version |
| installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists ) |
| assistant_installer.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable directory exists ) |
| assistant_installer.exe | [0222/162620.091:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:170] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\5e5f526b-181e-4d54-b897-7032316a4773 Opera GX Installer Temp\opera_package_202602221625551\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX\assistant" --copyonly=0 --allusers=0 |
| assistant_installer.exe | [0222/162620.125:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:308] Setting up the registry |
| assistant_installer.exe | [0222/162620.141:INFO:opera\desktop\windows\assistant\installer\assistant_installer.cc:359] Creating scheduled task |
| assistant_installer.exe | [0222/162620.204:INFO:opera\desktop\windows\assistant\installer\assistant_installer_main.cc:170] Running assistant installer with command line "C:\Users\admin\AppData\Local\Programs\Opera GX\assistant\assistant_installer.exe" --installfolder="C:\Users\admin\AppData\Local\Programs\Opera GX\assistant" --run-assistant --allusers=0 |