File name: Vega X Windows_27101645.exe

Full analysis: https://app.any.run/tasks/e8275cba-9030-4662-b6ec-4b9a2aa29767
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 15, 2025, 23:06:25
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
ossproxy
premieropinion
adware
relevantknowledge
stealer
opera
tool
pua
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 554ACBE34759FB497953425E55B35DE3
SHA1: A73B6E2515C430ADAE914E43632EB7E951D6B256
SHA256: F3576D9B6CCC35445BBD3B785A8B9A5F49E64BC14F2FB137245D76D00A4D8D45
SSDEEP: 98304:cH4eksk0hz+zlyOFlXBuwPc8LIYj9XzWy31Z5xDxE8k4+HrpHkC/vNDjRsHHLI3D:u7Rz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • OSSPROXY mutex has been found

      • ContentI3.exe (PID: 616)
      • ContentI3.exe (PID: 6808)
      • pmropn.exe (PID: 4980)
      • pmropn.exe (PID: 2552)
      • pmropn32.exe (PID: 968)
      • opera.exe (PID: 2340)
      • pmropn64.exe (PID: 7992)
    • PREMIEROPINION mutex has been found

      • ContentI3.exe (PID: 6808)
      • ContentI3.exe (PID: 616)
      • pmropn.exe (PID: 4980)
      • pmropn.exe (PID: 2552)
      • opera.exe (PID: 2340)
    • Application was injected by another process

      • svchost.exe (PID: 1260)
    • RELEVANTKNOWLEDGE mutex has been found

      • rundll32.exe (PID: 5552)
      • pmropn.exe (PID: 4980)
      • pmropn.exe (PID: 2552)
      • pmropn32.exe (PID: 968)
      • Vega X Windows_27101645.exe (PID: 7564)
      • opera.exe (PID: 2340)
      • notepad.exe (PID: 7304)
      • chrome.exe (PID: 7824)
      • opera_crashreporter.exe (PID: 2288)
      • chrome.exe (PID: 7848)
    • Runs injected code in another process

      • rundll32.exe (PID: 5552)
    • Change Internet Settings

      • pmropn.exe (PID: 2552)
    • Actions look like stealing of personal data

      • pmropn.exe (PID: 2552)
    • OSSPROXY has been detected (SURICATA)

      • pmropn.exe (PID: 2552)
    • ADWARE has been detected (SURICATA)

      • pmropn.exe (PID: 2552)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • ContentI3.exe (PID: 6808)
      • ContentI3.exe (PID: 616)
      • pmropn.exe (PID: 4980)
      • pmropn.exe (PID: 2552)
      • installer.exe (PID: 4008)
    • There is functionality for taking screenshot (YARA)

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • setup.exe (PID: 7892)
      • setup.exe (PID: 8020)
      • setup.exe (PID: 8120)
    • Executable content was dropped or overwritten

      • setup.exe (PID: 7892)
      • OperaGX.exe (PID: 7840)
      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • setup.exe (PID: 7980)
      • setup.exe (PID: 8020)
      • setup.exe (PID: 8120)
      • ContentI3.exe (PID: 6808)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 4892)
      • ContentI3.exe (PID: 616)
      • pmropn.exe (PID: 4980)
      • installer.exe (PID: 4008)
      • installer.exe (PID: 7800)
      • installer.exe (PID: 9920)
      • opera_autoupdate.exe (PID: 8428)
      • installer.exe (PID: 9240)
      • installer.exe (PID: 7736)
      • opera.exe (PID: 2600)
    • Application launched itself

      • setup.exe (PID: 7868)
      • setup.exe (PID: 8020)
      • assistant_installer.exe (PID: 1660)
      • installer.exe (PID: 4008)
      • opera.exe (PID: 2340)
      • opera_autoupdate.exe (PID: 8752)
      • opera_autoupdate.exe (PID: 8428)
      • installer.exe (PID: 9920)
    • Starts itself from another location

      • setup.exe (PID: 7868)
    • Start notepad (likely ransomware note; this is a sandbox heuristic, and no file-encryption activity is reported anywhere else in this analysis)

      • Vega X Windows_27101645.exe (PID: 7564)
    • Creates a software uninstall entry

      • pmropn.exe (PID: 4980)
      • pmservice.exe (PID: 3240)
      • ContentI3.exe (PID: 616)
      • ContentI3.exe (PID: 6808)
      • installer.exe (PID: 4008)
      • pmropn.exe (PID: 2552)
    • Adds/modifies Windows certificates

      • pmropn.exe (PID: 4980)
      • pmservice.exe (PID: 3240)
    • Executes as Windows Service

      • pmservice.exe (PID: 3240)
    • Searches for installed software

      • pmservice.exe (PID: 3240)
      • pmropn.exe (PID: 4980)
      • svchost.exe (PID: 1260)
      • rundll32.exe (PID: 5552)
      • reg.exe (PID: 6112)
      • ContentI3.exe (PID: 616)
      • ContentI3.exe (PID: 6808)
      • installer.exe (PID: 4008)
      • pmropn.exe (PID: 2552)
      • pmropn32.exe (PID: 968)
      • pmropn64.exe (PID: 7992)
      • Vega X Windows_27101645.exe (PID: 7564)
      • opera.exe (PID: 2340)
      • notepad.exe (PID: 7304)
      • opera_crashreporter.exe (PID: 2288)
      • unsecapp.exe (PID: 7252)
      • opera.exe (PID: 3364)
      • opera.exe (PID: 6760)
      • opera.exe (PID: 7200)
      • opera.exe (PID: 4728)
    • Uses RUNDLL32.EXE to load library

      • pmservice.exe (PID: 3240)
    • Reads the date of Windows installation

      • installer.exe (PID: 4008)
    • Starts CMD.EXE for commands execution

      • pmservice.exe (PID: 3240)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 8428)
    • Potential Corporate Privacy Violation

      • pmropn.exe (PID: 2552)
    • Connects to unusual port

      • pmropn.exe (PID: 2552)
    • Starts POWERSHELL.EXE for commands execution

      • pmropn.exe (PID: 2552)
  • INFO

    • Checks supported languages

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7892)
      • OperaGX.exe (PID: 7840)
      • setup.exe (PID: 7868)
      • setup.exe (PID: 7980)
      • setup.exe (PID: 8020)
      • setup.exe (PID: 8120)
      • ContentI3.exe (PID: 616)
      • ContentI3.exe (PID: 6808)
      • pmropn.exe (PID: 4980)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 4892)
      • assistant_installer.exe (PID: 1660)
      • assistant_installer.exe (PID: 1228)
      • pmservice.exe (PID: 3240)
      • pmropn.exe (PID: 2552)
      • installer.exe (PID: 4008)
      • installer.exe (PID: 7800)
      • opera.exe (PID: 4024)
      • opera_crashreporter.exe (PID: 6964)
      • opera_crashreporter.exe (PID: 2288)
      • opera.exe (PID: 2340)
      • opera.exe (PID: 3180)
      • opera.exe (PID: 7052)
      • opera.exe (PID: 5776)
      • opera.exe (PID: 3016)
      • opera.exe (PID: 536)
      • opera.exe (PID: 7100)
      • opera.exe (PID: 3992)
      • pmropn32.exe (PID: 968)
      • opera.exe (PID: 5512)
      • opera.exe (PID: 1116)
      • opera.exe (PID: 5968)
      • opera.exe (PID: 7292)
      • pmropn64.exe (PID: 7992)
      • opera.exe (PID: 3364)
      • opera.exe (PID: 6760)
      • opera.exe (PID: 7960)
      • opera.exe (PID: 7200)
      • opera.exe (PID: 7276)
      • opera.exe (PID: 7932)
      • opera.exe (PID: 4336)
      • opera.exe (PID: 7880)
      • opera.exe (PID: 8088)
      • opera.exe (PID: 4728)
      • opera.exe (PID: 7240)
      • opera.exe (PID: 1244)
    • Reads the computer name

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • setup.exe (PID: 8020)
      • ContentI3.exe (PID: 616)
      • ContentI3.exe (PID: 6808)
      • assistant_installer.exe (PID: 1660)
      • pmropn.exe (PID: 4980)
      • pmservice.exe (PID: 3240)
      • pmropn.exe (PID: 2552)
      • opera.exe (PID: 4024)
      • installer.exe (PID: 4008)
      • opera.exe (PID: 2340)
      • opera.exe (PID: 7052)
      • opera.exe (PID: 3180)
    • The sample compiled with english language support

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7892)
      • OperaGX.exe (PID: 7840)
      • setup.exe (PID: 7868)
      • setup.exe (PID: 7980)
      • setup.exe (PID: 8020)
      • setup.exe (PID: 8120)
      • ContentI3.exe (PID: 6808)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 4892)
      • ContentI3.exe (PID: 616)
      • pmropn.exe (PID: 4980)
      • installer.exe (PID: 7800)
      • installer.exe (PID: 4008)
      • installer.exe (PID: 9920)
      • installer.exe (PID: 9240)
      • opera_autoupdate.exe (PID: 8428)
      • installer.exe (PID: 7736)
    • Checks proxy server information

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • pmropn.exe (PID: 4980)
      • pmropn.exe (PID: 2552)
      • opera.exe (PID: 2340)
    • Reads the machine GUID from the registry

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • pmropn.exe (PID: 4980)
      • pmservice.exe (PID: 3240)
      • pmropn.exe (PID: 2552)
      • opera.exe (PID: 2340)
    • Creates files or folders in the user directory

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • ContentI3.exe (PID: 6808)
      • ContentI3.exe (PID: 616)
      • setup.exe (PID: 8020)
      • pmropn.exe (PID: 4980)
      • setup.exe (PID: 7892)
      • pmropn.exe (PID: 2552)
      • installer.exe (PID: 4008)
      • opera.exe (PID: 2340)
      • opera.exe (PID: 3180)
    • Create files in a temporary directory

      • OperaGX.exe (PID: 7840)
      • setup.exe (PID: 7868)
      • setup.exe (PID: 7980)
      • setup.exe (PID: 8020)
      • setup.exe (PID: 8120)
      • Vega X Windows_27101645.exe (PID: 7564)
      • ContentI3.exe (PID: 6808)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 4892)
      • ContentI3.exe (PID: 616)
      • setup.exe (PID: 7892)
      • installer.exe (PID: 4008)
      • installer.exe (PID: 7800)
      • opera.exe (PID: 2340)
    • Reads the software policy settings

      • Vega X Windows_27101645.exe (PID: 7564)
      • setup.exe (PID: 7868)
      • pmropn.exe (PID: 4980)
      • pmservice.exe (PID: 3240)
      • pmropn.exe (PID: 2552)
    • Process checks computer location settings

      • Vega X Windows_27101645.exe (PID: 7564)
      • opera.exe (PID: 3992)
      • opera.exe (PID: 2340)
      • opera.exe (PID: 7276)
      • opera.exe (PID: 7960)
      • opera.exe (PID: 7932)
      • opera.exe (PID: 5968)
      • opera.exe (PID: 7292)
      • opera.exe (PID: 8088)
    • Creates files in the program directory

      • ContentI3.exe (PID: 6808)
      • ContentI3.exe (PID: 616)
      • reg.exe (PID: 6112)
      • pmropn.exe (PID: 4980)
      • pmservice.exe (PID: 3240)
      • pmropn.exe (PID: 2552)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 7304)
      • cmd.exe (PID: 4208)
      • cmd.exe (PID: 7192)
    • OSSPROXY has been detected

      • ContentI3.exe (PID: 6808)
      • pmservice.exe (PID: 3240)
      • cmd.exe (PID: 4208)
      • cmd.exe (PID: 7192)
    • Manual execution by a user

      • opera.exe (PID: 2340)
      • chrome.exe (PID: 7848)
    • OPERA mutex has been found

      • opera.exe (PID: 2340)
    • Application launched itself

      • chrome.exe (PID: 7848)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report
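The signatures above, read together with the process table further down (pmropn32.exe running as SYSTEM from C:\Program Files (x86)\PremierOpinion, pmservice.exe spawning rundll32.exe and cmd.exe, pmropn.exe spawning powershell.exe and CheckNetIsolation.exe LoopbackExempt -a), describe behaviour that translates directly into host-level detection. The Python below is an added example, not ANY.RUN's or the software vendor's code: it encodes the report's mutex names and install paths as indicators and runs a small set of rules over constructed Sysmon-style process-creation events that mirror the PIDs and parents in this report. The event records are made up; the image paths for the parent sample, rundll32.exe and chrome.exe, and the rundll32 command line, are assumptions because the report does not list them. The reading of LoopbackExempt -a (a third-party parent granting an AppContainer package access to loopback, which a local proxy needs in order to see that app's traffic) is an interpretation, not something the report states.

```python
"""Host-level triage rules for the PremierOpinion / RelevantKnowledge (OSSProxy) behaviour
recorded in this ANY.RUN report. Added example, not ANY.RUN's or the software vendor's code.
The events below are constructed to mirror PIDs and parents from the report; real input would
come from Sysmon Event ID 1 (Image, CommandLine, User, ParentImage) joined with an optional
per-PID mutex listing."""
from dataclasses import dataclass, field

# Indicators taken from the report: mutex names, drop/install paths, family binaries.
MUTEX_IOCS = frozenset({"OSSPROXY", "PREMIEROPINION", "RELEVANTKNOWLEDGE"})
PATH_IOCS = ("\\program files (x86)\\premieropinion\\", "\\appdata\\local\\temp\\premieropinion\\")
PM_BINARIES = frozenset({"pmropn.exe", "pmropn32.exe", "pmropn64.exe", "pmservice.exe", "contenti3.exe"})
LOLBINS = frozenset({"rundll32.exe", "cmd.exe", "powershell.exe", "reg.exe"})


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str                # full path of the created process
    cmdline: str
    user: str                 # "admin" or "SYSTEM" in this report
    parent_image: str         # full path of the parent process
    mutexes: frozenset = field(default_factory=frozenset)   # mutex names observed in this PID


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def under_windows_dir(path: str) -> bool:
    return "\\windows\\" in path.lower()


def detect(ev: ProcEvent) -> list:
    """Return the names of every rule that fires for one process-creation event."""
    hits = []
    img, parent = basename(ev.image), basename(ev.parent_image)
    low_img, low_cmd = ev.image.lower(), ev.cmdline.lower()

    # 1. Family mutexes; also fires on browsers the sandbox saw the mutex in (chrome.exe, opera.exe).
    found = ev.mutexes & MUTEX_IOCS
    if found:
        hits.append("mutex:" + ",".join(sorted(found)))

    # 2. Binary running from the drop directory in %TEMP% or from the install directory.
    if any(p in low_img for p in PATH_IOCS):
        hits.append("path-ioc")

    # 3. Family binary running as SYSTEM (pmropn32.exe in the report).
    if img in PM_BINARIES and ev.user.upper() == "SYSTEM":
        hits.append("family-binary-as-system")

    # 4. LOLBin spawned by a family binary (pmservice.exe -> rundll32/cmd, pmropn.exe -> powershell).
    if img in LOLBINS and parent in PM_BINARIES:
        hits.append("lolbin-from-" + parent)

    # 5. CheckNetIsolation LoopbackExempt -a adds a loopback exemption for an AppContainer package.
    #    Interpretation (not stated in the report): a local proxy needs this to see traffic from
    #    sandboxed apps. Developers run it from an admin shell; a parent outside \Windows\ is the signal.
    if (img == "checknetisolation.exe" and "loopbackexempt" in low_cmd
            and " -a" in low_cmd and not under_windows_dir(ev.parent_image)):
        hits.append("loopback-exempt-from-third-party")
    return hits


def triage(events) -> dict:
    """Map PID -> rule hits for every event that fired at least one rule."""
    return {ev.pid: hits for ev in events if (hits := detect(ev))}


PM_DIR = "C:\\Program Files (x86)\\PremierOpinion\\"
OPERA = "C:\\Users\\admin\\AppData\\Local\\Programs\\Opera GX\\opera.exe"
# Constructed events. The paths of the parent sample, rundll32.exe and chrome.exe, and the
# rundll32 command line, are assumed; the report does not list them.
SAMPLE_EVENTS = [
    ProcEvent(616, "C:\\Users\\admin\\AppData\\Local\\Temp\\PremierOpinion\\ContentI3.exe",
              '"C:\\Users\\admin\\AppData\\Local\\Temp\\PremierOpinion\\ContentI3.exe" -c:1538 -t:InstallUnion',
              "admin", "C:\\Users\\admin\\Downloads\\Vega X Windows_27101645.exe",
              frozenset({"OSSPROXY", "PREMIEROPINION"})),
    ProcEvent(968, PM_DIR + "pmropn32.exe", '"C:\\PROGRA~2\\PREMIE~1\\pmropn32.exe" 2552',
              "SYSTEM", "C:\\Windows\\System32\\cmd.exe", frozenset({"OSSPROXY", "RELEVANTKNOWLEDGE"})),
    ProcEvent(1196, "C:\\Windows\\SysWOW64\\CheckNetIsolation.exe",
              "CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.webpimageextension_8wekyb3d8bbwe",
              "SYSTEM", PM_DIR + "pmropn.exe"),
    ProcEvent(5552, "C:\\Windows\\System32\\rundll32.exe", "rundll32.exe <assumed arguments>",
              "SYSTEM", PM_DIR + "pmservice.exe", frozenset({"RELEVANTKNOWLEDGE"})),
    ProcEvent(536, OPERA, '"' + OPERA + '" --type=utility --lang=en-US', "admin", OPERA),
    ProcEvent(7848, "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "chrome.exe",
              "admin", "C:\\Windows\\explorer.exe", frozenset({"RELEVANTKNOWLEDGE"})),
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, hits)
```

To run this against real telemetry, build ProcEvent records from Sysmon Event ID 1 fields and, where available, a per-PID mutex listing from a handle dump; the mutex field is optional, so rules 2 to 5 still fire on process telemetry alone. Rule 5 is deliberately narrow (the -a flag plus a non-Windows parent) so that developers exempting their own AppContainer apps from an admin prompt do not trip it.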
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:05 13:46:08+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.22
CodeSize: 4352000
InitializedDataSize: 1675264
UninitializedDataSize: -
EntryPoint: 0x3989ba
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Download Manager
FileVersion: 1
InternalName: Download Manager
LegalCopyright: Download Manager
OriginalFileName: Download Manager
ProductName: Download Manager
ProductVersion: 1
All screenshots are available in the full report
Total processes: 435
Monitored processes: 291
Malicious processes: 21
Suspicious processes: 2

Behavior graph

Process launch order, condensed from the interactive graph (#TAG marks the nodes the sandbox attributed to a named family; nodes the graph labelled "no specs" carried no indicators of their own and are not marked):

start, vega x windows_27101645.exe [#RELEVANTKNOWLEDGE], operagx.exe, setup.exe (×5), contenti3.exe [#PREMIEROPINION] (×2), notepad.exe [#RELEVANTKNOWLEDGE], opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe, pmropn.exe [#PREMIEROPINION], assistant_installer.exe (×2), slui.exe, pmservice.exe, rundll32.exe [#RELEVANTKNOWLEDGE], reg.exe, conhost.exe, pmropn.exe [#PREMIEROPINION], installer.exe (×2), UIAutomationCrossBitnessHook32 Class, opera.exe, opera_crashreporter.exe, opera.exe [#PREMIEROPINION], opera_crashreporter.exe [#RELEVANTKNOWLEDGE], unsecapp.exe, cmd.exe (×2), pmropn64.exe, pmropn32.exe (×2), pmropn64.exe, opera.exe (×9), chrome.exe [#RELEVANTKNOWLEDGE], pmropn64.exe, pmropn32.exe [#RELEVANTKNOWLEDGE], chrome.exe [#RELEVANTKNOWLEDGE], opera_gx_splash.exe, ...

The rest of the graph is Opera GX and Chrome activity (opera.exe, chrome.exe, opera_autoupdate.exe, installer.exe, comppkgsrv.exe) interleaved with dozens of checknetisolation.exe / conhost.exe pairs launched one after another, a further pmropn.exe node, a powershell.exe with its conhost.exe, sechealthui.exe followed by three securityhealthhost.exe instances, a second notepad.exe, two svchost.exe nodes and a final vega x windows_27101645.exe node.

Process information

Columns in the original table: PID, CMD, Path, Indicators, Parent process
PID: 536
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:gx-widgets-mission=off --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:panic-button=on --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-test:DNA-99214_GXCTest50,DNA-112027-gx-mission-widget-off:DNA-112027 --field-trial-handle=3000,i,11114709137043068696,10344815965207741305,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3144 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Exit code: 0
Version: 118.0.5461.120
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.120\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 616
CMD: "C:\Users\admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
Path: C:\Users\admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
Parent process: Vega X Windows_27101645.exe
User: admin
Company: VoiceFive Networks, Inc.
Integrity Level: HIGH
Description: PremierOpinion Installer
Exit code: 0
Version: 1.0.8.1 (Build 1)
Modules
Images
c:\users\admin\appdata\local\temp\premieropinion\contenti3.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 960
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 OPR/118.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:gx-widgets-mission=off --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:panic-button=on --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-test:DNA-99214_GXCTest50,DNA-112027-gx-mission-widget-off:DNA-112027 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7684,i,11114709137043068696,10344815965207741305,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7696 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Exit code: 0
Version: 118.0.5461.120
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.120\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 968
CMD: "C:\PROGRA~2\PREMIE~1\pmropn32.exe" 2552
Path: C:\Program Files (x86)\PremierOpinion\pmropn32.exe
Parent process: cmd.exe
User: SYSTEM
Company: VoiceFive, Inc.
Integrity Level: HIGH
Description: PremierOpinion
Version: 1.0.14.10 (Build 14.10)
Modules
Images
c:\program files (x86)\premieropinion\pmropn32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 1116
CMD: "C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:gx-widgets-mission=off --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:panic-button=on --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-test:DNA-99214_GXCTest50,DNA-112027-gx-mission-widget-off:DNA-112027 --field-trial-handle=3044,i,11114709137043068696,10344815965207741305,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=3080 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process: opera.exe
User: admin
Company: Opera Software
Integrity Level: LOW
Description: Opera GX Internet Browser
Exit code: 0
Version: 118.0.5461.120
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.120\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1196
CMD: CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.webpimageextension_8wekyb3d8bbwe
Path: C:\Windows\SysWOW64\CheckNetIsolation.exe
Parent process: pmropn.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: AppContainer Network Isolation Diagnostic Tool
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\checknetisolation.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
PID: 1228
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202505152306531\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2ac,0x2b0,0x2b4,0x284,0x2b8,0xba4f48,0xba4f58,0xba4f64
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202505152306531\assistant\assistant_installer.exe
Parent process: assistant_installer.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera GX Browser Assistant Installer
Exit code: 0
Version: 73.0.3856.382
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\opera_package_202505152306531\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
1244
Command line:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 OPR/118.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:gx-widgets-mission=off --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=on --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:panic-button=on --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest50-test:DNA-99214_GXCTest50,DNA-112027-gx-mission-widget-off:DNA-112027 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6656,i,11114709137043068696,10344815965207741305,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:2
Image path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
118.0.5461.120
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.120\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
1260
Command line:
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
Image path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID:
1276
Command line:
"C:\Users\admin\AppData\Local\Programs\Opera GX\118.0.5461.120\opera_gx_splash.exe" --instance-name=5dd08f40413fd477cb25fa615ff02371
Image path:
C:\Users\admin\AppData\Local\Programs\Opera GX\118.0.5461.120\opera_gx_splash.exe
Parent process:
opera.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.120\opera_gx_splash.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
92 808
Read events
91 362
Write events
1 304
Delete events
142

Modification events

(PID) Process:(7564) Vega X Windows_27101645.exe
Key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:write
Name:CachePrefix
Value:
(PID) Process:(7564) Vega X Windows_27101645.exe
Key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:write
Name:CachePrefix
Value:
Cookie:
(PID) Process:(7564) Vega X Windows_27101645.exe
Key:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:write
Name:CachePrefix
Value:
Visited:
(PID) Process:(1260) svchost.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CEC0B91-4AE9-4E8A-ACB2-3B4C811F442C}
Operation:write
Name:DynamicInfo
Value:
0300000059EDC123AAB7D8014D3758FDEDC5DB0100000000000000009D263702EEC5DB01
(PID) Process:(1260) svchost.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\RUXIM
Operation:write
Name:SD
Value:
0100049C5C000000680000000000000014000000020048000300000000001400FF011F0001010000000000051200000000001400A900120001010000000000051300000000001800A900120001020000000000052000000020020000010100000000000512000000010100000000000512000000
(PID) Process:(1260) svchost.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler
Operation:write
Name:Index
Value:
2
(PID) Process:(1260) svchost.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C5B5846-5719-4E9F-A370-765D876DB0EF}
Operation:write
Name:Hash
Value:
616EF862EC8F7E8ED858D89898FB22EF900ABC366B1E9928E10AF3530ADF5430
(PID) Process:(1260) svchost.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C5B5846-5719-4E9F-A370-765D876DB0EF}
Operation:write
Name:Schema
Value:
65540
(PID) Process:(1260) svchost.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C5B5846-5719-4E9F-A370-765D876DB0EF}
Operation:write
Name:Version
Value:
1.0
(PID) Process:(1260) svchost.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C5B5846-5719-4E9F-A370-765D876DB0EF}
Operation:delete value
Name:Date
Value:
Executable files
71
Suspicious files
1 335
Text files
739
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type:binary
MD5:52DDE1FAD935E3573E986FCB36B80D8B
SHA256:14F46FA6811BCC49C6C0310867E9FC365099A4677FD88102D921682F3A613D30
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type:binary
MD5:49A45D62BE4DBA14980516518D59D181
SHA256:3FA3CB116DDAF943DE0E07D612C9378BE9B445FDB6120A70AFA2DAE82A283FC8
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
Type:binary
MD5:EC1F450492CE0725C76D6FD8FB30ABC8
SHA256:2CE044F423E907487029BA5D23CA15143E72E1F31EB241ABBB049A5193C97CFF
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
Type:binary
MD5:C22301B5245B697AA0D960E7D3A2D560
SHA256:8E63BB9D833DDFF90DB225799A6B20821540B2A10AB3764EE07767259765DA0E
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\service[1].htm
Type:text
MD5:819187846403774DFD18B43B7C57E8E1
SHA256:4AB62FD5FC61771D1D98547E161212C1EF475F62B91E8DD972473DBA0BDEDC2D
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E7A1EFBE05B12DE86593547A5FC0E236_E4D806264EAC942B529552B576410380
Type:binary
MD5:F466A4FC1C7A1F685C9E4ED2F1FA2431
SHA256:F3C0BE103BA7F1750F4929B0794E6711C94EC13BFFF1EB4292E596CEB67DF4F5
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\geo[1].htm
Type:text
MD5:A79025095D5E39A1CA6CE4F0A1F21338
SHA256:F7EAFB14C2AC496C1411B9CFD6C484DA18DDDEED119CB6DD9B25498D29E005DB
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E7A1EFBE05B12DE86593547A5FC0E236_E4D806264EAC942B529552B576410380
Type:binary
MD5:4657283C9367CFEA7F5A8D9E88FFE211
SHA256:6C181C1A850B376BE852CAD081D323A747CB68E3C092AD2F44C984E31CD668B2
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type:binary
MD5:2CE64C5345523B5409FF6D065D21920A
SHA256:8D5972AA773CF2D298E709BD5B09AFF18E77E451C4FB930D4CABB213CF092211
PID:7564
Process:Vega X Windows_27101645.exe
Filename:C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type:binary
MD5:4A90329071AE30B759D279CCA342B0A6
SHA256:4F544379EDA8E2653F71472AB968AEFD6B5D1F4B3CE28A5EDB14196184ED3B60
HTTP(S) requests
95
TCP/UDP connections
439
DNS requests
209
Threats
36

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7564
Vega X Windows_27101645.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.20:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7564
Vega X Windows_27101645.exe
GET
200
142.250.186.35:80
http://c.pki.goog/r/r1.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7564
Vega X Windows_27101645.exe
GET
200
142.250.186.35:80
http://o.pki.goog/s/wr3/7DM/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQDsM1CuTUMozAlVORf8Ight
unknown
whitelisted
7564
Vega X Windows_27101645.exe
GET
200
142.250.186.35:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
7564
Vega X Windows_27101645.exe
GET
200
142.250.186.35:80
http://o.pki.goog/s/wr3/Llw/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEC5cnWKHoYQVCnAzKuFJaMg%3D
unknown
whitelisted
7564
Vega X Windows_27101645.exe
GET
200
142.250.186.35:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
7564
Vega X Windows_27101645.exe
POST
200
165.193.78.234:80
http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=0
unknown
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4244
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.216.77.20:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
7564
Vega X Windows_27101645.exe
35.190.60.70:443
www.dlsft.com
GOOGLE
US
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.206
whitelisted
crl.microsoft.com
  • 23.216.77.20
  • 23.216.77.6
  • 23.216.77.42
  • 23.216.77.36
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 95.101.149.131
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.67
  • 40.126.32.76
  • 20.190.160.64
  • 20.190.160.17
  • 20.190.160.128
  • 20.190.160.65
  • 20.190.160.22
  • 20.190.160.14
  • 20.190.160.4
  • 40.126.32.133
  • 20.190.160.132
  • 20.190.160.20
  • 20.190.160.66
  • 40.126.32.136
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
www.dlsft.com
  • 35.190.60.70
unknown
ocsp.pki.goog
  • 142.250.186.35
whitelisted
c.pki.goog
  • 142.250.186.35
whitelisted

Threats

PID
Process
Class
Message
3180
opera.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3180
opera.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3240
pmservice.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
2196
svchost.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
2196
svchost.exe
Misc activity
ET FILE_SHARING Observed DNS Query to Filesharing Service (mega .co .nz)
2552
pmropn.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
2196
svchost.exe
Misc activity
ET FILE_SHARING File Sharing Related Domain in DNS Lookup (mega .nz)
2552
pmropn.exe
Misc activity
ET FILE_SHARING File Sharing Domain Observed in TLS SNI (mega .nz)
No debug info