File name: free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe

Full analysis: https://app.any.run/tasks/5f4e2de7-602a-4e43-a7fe-ebd9aa559050
Verdict: Malicious activity
Threats:

Stealers are a category of malware designed to gain unauthorized access to users' information and transfer it to the attacker. The category covers programs that each focus on a particular kind of data, such as files, passwords, or cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: January 10, 2025, 22:03:51
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 5DC236FEF4D7557E56677FDD15C11CE6
SHA1: 1EE4AE47EBC5B63711F92D85E87A5B518EEE6969
SHA256: D5A227107114E4246B98FF87DB3C96173B829C7D32A24FEFABC11594913A5765
SSDEEP: 98304:0pyZEg8pfJo1OE5FsI1DxqbsSLhlxIlce/Unba+O+CB3jD9hlm:8v

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • setup.exe (PID: 7024)
      • setup.exe (PID: 6220)
      • assistant_installer.exe (PID: 6408)
    • Steals credentials from Web Browsers

      • setup.exe (PID: 7024)
      • setup.exe (PID: 6220)
      • assistant_installer.exe (PID: 6408)
    • Registers / Runs the DLL via REGSVR32.EXE

      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • OperaSetup.exe (PID: 6992)
      • setup.exe (PID: 7024)
      • setup.exe (PID: 7132)
      • setup.exe (PID: 6220)
      • setup.exe (PID: 7048)
      • setup.exe (PID: 4912)
      • free-m4a-to-mp3-converter-es-2022.1-installer.exe (PID: 372)
      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
      • Assistant_116.0.5366.21_Setup.exe_sfx.exe (PID: 2216)
    • Reads security settings of Internet Explorer

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • setup.exe (PID: 7024)
    • Application launched itself

      • setup.exe (PID: 7024)
      • setup.exe (PID: 6220)
      • assistant_installer.exe (PID: 6400)
    • Starts itself from another location

      • setup.exe (PID: 7024)
    • Checks Windows Trust Settings

      • setup.exe (PID: 7024)
    • Reads the Windows owner or organization settings

      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 2676)
      • regsvr32.exe (PID: 5592)
    • Process drops legitimate windows executable

      • Assistant_116.0.5366.21_Setup.exe_sfx.exe (PID: 2216)
  • INFO

    • Checks supported languages

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • OperaSetup.exe (PID: 6992)
      • setup.exe (PID: 7024)
      • setup.exe (PID: 7048)
      • setup.exe (PID: 7132)
      • setup.exe (PID: 6220)
      • setup.exe (PID: 4912)
      • free-m4a-to-mp3-converter-es-2022.1-installer.exe (PID: 372)
      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
      • Assistant_116.0.5366.21_Setup.exe_sfx.exe (PID: 2216)
      • audioconverter.exe (PID: 4764)
    • The sample was compiled with English language support

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • OperaSetup.exe (PID: 6992)
      • setup.exe (PID: 7048)
      • setup.exe (PID: 7024)
      • setup.exe (PID: 6220)
      • setup.exe (PID: 7132)
      • setup.exe (PID: 4912)
      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
      • Assistant_116.0.5366.21_Setup.exe_sfx.exe (PID: 2216)
    • Checks proxy server information

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • setup.exe (PID: 7024)
    • Sends debugging messages

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • assistant_installer.exe (PID: 6400)
    • Reads the computer name

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • setup.exe (PID: 6220)
      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
      • audioconverter.exe (PID: 4764)
    • Creates files in a temporary directory

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • setup.exe (PID: 7048)
      • setup.exe (PID: 7024)
      • setup.exe (PID: 7132)
      • setup.exe (PID: 6220)
      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
      • Assistant_116.0.5366.21_Setup.exe_sfx.exe (PID: 2216)
    • Reads the software policy settings

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • setup.exe (PID: 7024)
    • Reads CPU info

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
    • Reads the machine GUID from the registry

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
      • setup.exe (PID: 7024)
    • The process uses the downloaded file

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
    • Process checks computer location settings

      • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe (PID: 6240)
    • Creates files or folders in the user directory

      • setup.exe (PID: 7024)
    • Creates a software uninstall entry

      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
    • Creates files in the program directory

      • free-m4a-to-mp3-converter-es-2022.1-installer.tmp (PID: 2420)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (18)
.exe | Win32 Executable (generic) (2.9)
.exe | Generic Win/DOS Executable (1.3)
.exe | DOS Executable Generic (1.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:11:10 18:22:24+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 2192384
InitializedDataSize: 2328576
UninitializedDataSize: -
EntryPoint: 0x1cbfbc
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.1.0.11108
ProductVersionNumber: 3.1.0.11108
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Softonic
FileDescription: Softonic
FileVersion: 3.1.0.11108
LegalCopyright: (c) Softonic
ProductName: Softonic
ProductVersion: 3.1.0.11108
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 16
Malicious processes: 7
Suspicious processes: 1

Behavior graph

Processes shown in the graph (details are in the full report): free-m4a-to-mp3-converter-es-2022.1-installer_zv-70a1.exe, operasetup.exe, setup.exe, setup.exe, setup.exe, setup.exe, setup.exe, free-m4a-to-mp3-converter-es-2022.1-installer.exe, free-m4a-to-mp3-converter-es-2022.1-installer.tmp, regsvr32.exe (no specs), regsvr32.exe (no specs), audioconverter.exe (no specs), assistant_116.0.5366.21_setup.exe_sfx.exe, assistant_installer.exe, assistant_installer.exe, free-m4a-to-mp3-converter-es-2022.1-installer_zv-70a1.exe (no specs)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 372
CMD: "C:\Users\admin\Downloads\free-m4a-to-mp3-converter-es-2022.1-installer.exe"
Path: C:\Users\admin\Downloads\free-m4a-to-mp3-converter-es-2022.1-installer.exe
Parent process: free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe
User: admin
Company: dvdvideomedia, Inc.
Integrity Level: HIGH
Description: Free Audio Converter Setup
Exit code: 0
Version: -
Modules (images):
c:\users\admin\downloads\free-m4a-to-mp3-converter-es-2022.1-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2216
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501102204201\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe"
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501102204201\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe
Parent process: setup.exe
User: admin
Integrity Level: HIGH
Description: Opera installer SFX
Exit code: 0
Version: 116.0.5366.21
Modules (images):
c:\users\admin\appdata\local\temp\.opera\opera installer temp\opera_package_202501102204201\assistant\assistant_116.0.5366.21_setup.exe_sfx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2420
CMD: "C:\Users\admin\AppData\Local\Temp\is-6D65R.tmp\free-m4a-to-mp3-converter-es-2022.1-installer.tmp" /SL5="$60308,5149579,121344,C:\Users\admin\Downloads\free-m4a-to-mp3-converter-es-2022.1-installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-6D65R.tmp\free-m4a-to-mp3-converter-es-2022.1-installer.tmp
Parent process: free-m4a-to-mp3-converter-es-2022.1-installer.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-6d65r.tmp\free-m4a-to-mp3-converter-es-2022.1-installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2676
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\DVDVideoMedia\Free Audio Converter\trackswitch.ax"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: free-m4a-to-mp3-converter-es-2022.1-installer.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 4764
CMD: "C:\Program Files\DVDVideoMedia\Free Audio Converter\audioconverter.exe"
Path: C:\Program Files\DVDVideoMedia\Free Audio Converter\audioconverter.exe
Parent process: free-m4a-to-mp3-converter-es-2022.1-installer.tmp
User: admin
Company: yyzsoft
Integrity Level: HIGH
Description: Free Audio Converter
Modules (images):
c:\program files\dvdvideomedia\free audio converter\audioconverter.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4912
CMD: C:\Users\admin\AppData\Local\Temp\7zS05B91DD3\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x33c,0x340,0x344,0x308,0x348,0x72529d44,0x72529d50,0x72529d5c
Path: C:\Users\admin\AppData\Local\Temp\7zS05B91DD3\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera Installer
Version: 115.0.5322.119
Modules (images):
c:\users\admin\appdata\local\temp\7zs05b91dd3\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 5592
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\DVDVideoMedia\Free Audio Converter\DCBassSource.ax"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: free-m4a-to-mp3-converter-es-2022.1-installer.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 5628
CMD: "C:\Users\admin\AppData\Local\Temp\free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe"
Path: C:\Users\admin\AppData\Local\Temp\free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe
Parent process: explorer.exe
User: admin
Company: Softonic
Integrity Level: MEDIUM
Description: Softonic
Exit code: 3221226540
Version: 3.1.0.11108
Modules (images):
c:\users\admin\appdata\local\temp\free-m4a-to-mp3-converter-es-2022.1-installer_zv-70a1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 6220
CMD: "C:\Users\admin\AppData\Local\Temp\7zS05B91DD3\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=7024 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250110220420" --session-guid=bb63636f-57b9-4f52-8dc2-98664d614ca9 --server-tracking-blob=<blob removed> --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=3806000000000000
Path: C:\Users\admin\AppData\Local\Temp\7zS05B91DD3\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera Installer
Version: 115.0.5322.119
Modules (images):
c:\users\admin\appdata\local\temp\7zs05b91dd3\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6240
CMD: "C:\Users\admin\AppData\Local\Temp\free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe"
Path: C:\Users\admin\AppData\Local\Temp\free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe
Parent process: explorer.exe
User: admin
Company: Softonic
Integrity Level: HIGH
Description: Softonic
Exit code: 0
Version: 3.1.0.11108
Modules (images):
c:\users\admin\appdata\local\temp\free-m4a-to-mp3-converter-es-2022.1-installer_zv-70a1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 5 467
Read events: 5 420
Write events: 47
Delete events: 0

Modification events

PID 6240, free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
  Operation: write
  Name: Implementing
  Value: 1C00000001000000E907010005000A001600040012001603010000001E768127E028094199FEB9D127C57AFE

PID 6240, free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
  Operation: write
  Name: Implementing
  Value: 1C00000001000000E907010005000A001600040012001903010000001E768127E028094199FEB9D127C57AFE

PID 6240, free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  Operation: write
  Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
  Value: 0100000000000000140A9498AB63DB01

PID 7024, setup.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  Operation: write
  Name: CachePrefix
  Value: (empty)

PID 7024, setup.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  Operation: write
  Name: CachePrefix
  Value: Cookie:

PID 7024, setup.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  Operation: write
  Name: CachePrefix
  Value: Visited:

PID 6220, setup.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
  Operation: write
  Name: Last Stable Install Path
  Value: C:\Users\admin\AppData\Local\Programs\Opera\

PID 2676, regsvr32.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A4B11047-79C1-44C5-B6F2-8A868755ABE5}\InprocServer32
  Operation: write
  Name: ThreadingModel
  Value: Both

PID 2676, regsvr32.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{A4B11047-79C1-44C5-B6F2-8A868755ABE5}
  Operation: write
  Name: FriendlyName
  Value: TrackSwitch

PID 2676, regsvr32.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{A4B11047-79C1-44C5-B6F2-8A868755ABE5}
  Operation: write
  Name: CLSID
  Value: {A4B11047-79C1-44C5-B6F2-8A868755ABE5}
Executable files: 55
Suspicious files: 30
Text files: 10
Unknown types: 1

Dropped files

Fields per file: PID, Process, Filename, Type, MD5, SHA256

PID 6220, setup.exe, executable
  C:\Users\admin\AppData\Local\Temp\Opera_installer_2501102204203416220.dll
  MD5: 41DAEDCDA16A5341463070DBAC45624A
  SHA256: 733701D47B47B544D0B96343B521266702BD8E43EDCB7C799C9CBAF07C7E3838

PID 7024, setup.exe, binary
  C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
  MD5: 9D493CF71C19FECC8532896FACEF94F5
  SHA256: EF042E3C076B082E66C50DFE2A3C8454768B591AAFB1E1D578713CEC5B1D6FDC

PID 7024, setup.exe, binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
  MD5: 1ED7F7F95A9D4744FCD73E637FBC992A
  SHA256: 5F9035BD8932EFA7131449873CC4A17CC0F1273488FDB2A0A89669E9FCCCFF3A

PID 6240, free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe, executable
  C:\Users\admin\Downloads\free-m4a-to-mp3-converter-es-2022.1-installer.exe
  MD5: AF922ED8A82746D3075C445FEA4EC641
  SHA256: 620890DEE4647E0729979440A7EFAC1F5FC974332B0EC921CDE3A27B516022BF

PID 6992, OperaSetup.exe, executable
  C:\Users\admin\AppData\Local\Temp\7zS05B91DD3\setup.exe
  MD5: 71AD4FFF7C190194C8A544776B54DCC5
  SHA256: 37490D7B909307CF474A081D16D87320BFC05CD0D382B4CE0D2AEC4459CEA9D9

PID 7024, setup.exe, executable
  C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
  MD5: 71AD4FFF7C190194C8A544776B54DCC5
  SHA256: 37490D7B909307CF474A081D16D87320BFC05CD0D382B4CE0D2AEC4459CEA9D9

PID 7132, setup.exe, executable
  C:\Users\admin\AppData\Local\Temp\Opera_installer_2501102204200907132.dll
  MD5: 41DAEDCDA16A5341463070DBAC45624A
  SHA256: 733701D47B47B544D0B96343B521266702BD8E43EDCB7C799C9CBAF07C7E3838

PID 4912, setup.exe, executable
  C:\Users\admin\AppData\Local\Temp\Opera_installer_2501102204206374912.dll
  MD5: 41DAEDCDA16A5341463070DBAC45624A
  SHA256: 733701D47B47B544D0B96343B521266702BD8E43EDCB7C799C9CBAF07C7E3838

PID 7024, setup.exe, binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
  MD5: 45BF2ABFD1A60226D1329F9BB2C5BDB0
  SHA256: 59C76126EC916C0E191F2DE03327C83531CC50D60EABD997F1FD7F1ED84E4357

PID 7024, setup.exe, binary
  C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\features[1].json
  MD5: D32C9616AD3FBCC151596FD0F4E4F8CD
  SHA256: BDF567FF5F5CB7B980C41C754BCAE29209EC25C19426D897DA44AAB2EBDB2714
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 17
TCP/UDP connections: 48
DNS requests: 25
Threats: 0

HTTP requests

Fields per request: PID, Process, Method, HTTP Code, IP, URL, CN, Reputation (the Type and Size columns are empty for every row shown)

  • (no PID/process) GET 200 23.48.23.147:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
  • 4712 MoUsoCoreWorker.exe GET 200 23.48.23.147:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
  • (no PID/process) GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
  • (no PID/process) GET 304 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
  • 4712 MoUsoCoreWorker.exe GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
  • (no PID/process) GET 200 184.30.131.245:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | CN: unknown | whitelisted
  • 1176 svchost.exe GET 200 184.30.131.245:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | CN: unknown | whitelisted
  • 7024 setup.exe GET 200 184.30.131.245:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | CN: unknown | whitelisted
  • 7024 setup.exe GET 200 184.30.131.245:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnxLiz3Fu1WB6n1%2FE6xWn1b0jXiQQUdIWAwGbH3zfez70pN6oDHb7tzRcCEA17ZgsSl63KHstWnAbUez0%3D | CN: unknown | whitelisted
  • 4624 SIHClient.exe GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | CN: unknown | whitelisted

Connections

Fields per connection: PID, Process, IP, Domain, ASN, CN, Reputation

  • (no PID/process) 51.104.136.2:443 settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
  • 4 System 192.168.100.255:138 | whitelisted
  • (no PID/process) 23.48.23.147:80 crl.microsoft.com | Akamai International B.V. | DE | whitelisted
  • 4712 MoUsoCoreWorker.exe 23.48.23.147:80 crl.microsoft.com | Akamai International B.V. | DE | whitelisted
  • (no PID/process) 184.30.21.171:80 www.microsoft.com | AKAMAI-AS | DE | whitelisted
  • 5064 SearchApp.exe 104.126.37.144:443 www.bing.com | Akamai International B.V. | DE | whitelisted
  • 4712 MoUsoCoreWorker.exe 184.30.21.171:80 www.microsoft.com | AKAMAI-AS | DE | whitelisted
  • (no PID/process) 184.30.131.245:80 ocsp.digicert.com | AKAMAI-AS | US | whitelisted
  • 4712 MoUsoCoreWorker.exe 51.104.136.2:443 settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
  • 5780 svchost.exe 51.104.136.2:443 settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain: resolved IP(s) | Reputation

  • settings-win.data.microsoft.com: 51.104.136.2 | whitelisted
  • google.com: 142.250.186.110 | whitelisted
  • crl.microsoft.com: 23.48.23.147, 23.48.23.158, 23.48.23.176, 23.48.23.167, 23.48.23.162, 23.48.23.169, 23.48.23.166, 23.48.23.145, 23.48.23.141 | whitelisted
  • www.bing.com: 104.126.37.144, 104.126.37.147, 104.126.37.153, 104.126.37.185, 104.126.37.179, 104.126.37.130, 104.126.37.145, 104.126.37.123, 104.126.37.155 | whitelisted
  • www.microsoft.com: 184.30.21.171 | whitelisted
  • ocsp.digicert.com: 184.30.131.245 | whitelisted
  • di7e1j5f1plfo.cloudfront.net: 18.245.78.188, 18.245.78.145, 18.245.78.212, 18.245.78.185 | whitelisted
  • images.sftcdn.net: 146.75.121.91 | whitelisted
  • login.live.com: 20.190.159.75, 40.126.31.67, 20.190.159.2, 20.190.159.0, 20.190.159.73, 20.190.159.68, 40.126.31.69, 20.190.159.71 | whitelisted
  • gsf-fl.softonic.com: 146.75.121.91 | whitelisted

Threats

No threats detected
Debug messages (Process: Message)

  • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe: LoadingPage
  • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe: WelcomePage
  • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe: ProductPage
  • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe: DownloadPageDLM
  • free-m4a-to-mp3-converter-es-2022.1-installer_Zv-70A1.exe: FinishPageDLM
  • assistant_installer.exe: [0110/220450.611:INFO:assistant_installer_main.cc(168)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501102204201\assistant\assistant_installer.exe" --version