URL:

http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl

Full analysis: https://app.any.run/tasks/af71af32-ef55-4b42-bb9d-d29dde20a328
Verdict: Malicious activity
Analysis date: July 18, 2019, 11:39:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

93BBB2CF0A57F5B5E857DEDF99FFA97C

SHA1:

58A7930E4E687F5137F01E599FFCC5FC3875D08D

SHA256:

EA06ECAEFE4CD8092502D059D690A7355F6C0252DB356EC1AD776BB453683ACA

SSDEEP:

3:N1KfxMRX6GTKIjs2QDWHWIdMB5UQ070ukcrUIEoJD/n:C5MRX6KKIBWWHJOBmQyIIEa/n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Creates files in the user directory

      • opera.exe (PID: 3876)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
33
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start opera.exe

Process information

PID
CMD
Path
Indicators
Parent process
3876"C:\Program Files\Opera\opera.exe" "http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl"C:\Program Files\Opera\opera.exe
explorer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Exit code:
0
Version:
1748
Modules
Images
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
Total events
246
Read events
186
Write events
60
Delete events
0

Modification events

(PID) Process:(3876) opera.exeKey:HKEY_CURRENT_USER\Software\Opera Software
Operation:writeName:Last CommandLine v2
Value:
C:\Program Files\Opera\opera.exe "http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl"
(PID) Process:(3876) opera.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
Executable files
0
Suspicious files
72
Text files
29
Unknown types
42

Dropped files

PID
Process
Filename
Type
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprFBE5.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprFBF5.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprFC35.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BT4UBNXJBYYC3TMIAHRP.temp
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fagilitrix.com%2Fwp-content%2Fuploads%2F2018%2F04%2FAgilitrix-Favicon-150x150.png
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RFe076e.TMPbinary
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-msbinary
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fagilitrix.com%2Fwp-content%2Fuploads%2F2018%2F04%2FAgilitrix-Favicon.pngimage
MD5:
SHA256:
3876opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.datbinary
MD5:1AA8644C9261DC10F7247F6A145C1DD2
SHA256:58A8933F65361633C6AB194000D312DC9D566F717B1A16814A0DBEE24A60EBE3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
152
TCP/UDP connections
114
DNS requests
56
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/css/media-views.min.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/css/dist/block-library/style.min.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/css/buttons.min.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/uploads/2018/04/Agilitrix-Logo-Horz-Slogan-Colour.png
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/download-manager/assets/fontawesome/css/all.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/download-manager/assets/bootstrap/css/bootstrap.css?ver=5.1.1
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/frontend.css?ver=1.2.7
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-includes/js/imgareaselect/imgareaselect.css?ver=0.9.8
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/jquery.bxslider.css?ver=1.2.7
US
unknown
3876
opera.exe
GET
104.197.149.35:80
http://agilitrix.com/wp-content/plugins/ap-custom-testimonial-pro/css/prettyPhoto.css?ver=5.1.1
US
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3876
opera.exe
185.26.182.94:443
certs.opera.com
Opera Software AS
whitelisted
3876
opera.exe
104.197.149.35:80
agilitrix.com
Google Inc.
US
unknown
3876
opera.exe
185.26.182.93:80
certs.opera.com
Opera Software AS
whitelisted
54.244.183.249:80
adpxl.co
Amazon.com, Inc.
US
unknown
216.58.206.8:443
www.googletagmanager.com
Google Inc.
US
whitelisted
216.58.206.3:80
crl.pki.goog
Google Inc.
US
whitelisted
3876
opera.exe
216.58.205.227:80
ocsp.pki.goog
Google Inc.
US
whitelisted
216.58.210.10:80
fonts.googleapis.com
Google Inc.
US
whitelisted
3876
opera.exe
172.217.16.174:443
www.google-analytics.com
Google Inc.
US
whitelisted
104.17.211.204:80
js.hs-scripts.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
agilitrix.com
  • 104.197.149.35
unknown
certs.opera.com
  • 185.26.182.94
  • 185.26.182.93
whitelisted
crl4.digicert.com
  • 93.184.220.29
whitelisted
sitecheck2.opera.com
  • 185.26.182.93
  • 185.26.182.94
  • 185.26.182.111
  • 185.26.182.112
whitelisted
www.googletagmanager.com
  • 216.58.206.8
whitelisted
platform-api.sharethis.com
  • 2.19.43.118
whitelisted
adpxl.co
  • 54.244.183.249
malicious
fonts.googleapis.com
  • 216.58.210.10
whitelisted
cj369.infusionsoft.com
  • 104.16.159.106
  • 104.16.158.106
unknown
crl.pki.goog
  • 216.58.206.3
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://agilitrix.com/mwg-internal/de5fs23hu73ds/progress?id=1g2-HSamp8nQFZ6Cpof9a-XCY30IX80m89NPM8Nf1aM,&dl