URL:

https://filedm.com/Zy2EH

Full analysis: https://app.any.run/tasks/3a592517-2788-4ecf-a6f9-c8eb2846d44b
Verdict: Malicious activity
Threats:

Adware is a class of unwanted software that monetizes a victim's machine by pushing advertisements into the browsing experience. It is usually delivered through software bundling, deceptive download sites, or installers that misrepresent what they install. Once present it may track browsing activity, collect personal data, and display intrusive pop-ups or banners. Some variants establish persistence (for example by installing as a Windows service) and evade or disable security controls, which makes removal difficult. Adware also widens the attack surface: the same installer chains and update mechanisms can be reused to deliver further payloads, so it is a privacy and system-integrity risk rather than a mere nuisance.

Analysis date: May 21, 2025, 14:20:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
ossproxy
premieropinion
adware
relevantknowledge
arch-exec
Indicators:
MD5:

A9B06D44D1FBAA45B9175B33E772962F

SHA1:

A67CF5EAFC33663B5DAF2455BEACE3787FC13448

SHA256:

FB802E34B3FE0969CE2E655168E8C8E18CC3168BED0E164045E33E1F482C555B

SSDEEP:

3:N8/Kkwt:2/BY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • OSSPROXY mutex has been found

      • ContentI3.exe (PID: 6256)
      • pmropn.exe (PID: 132)
    • PREMIEROPINION mutex has been found

      • ContentI3.exe (PID: 6256)
      • pmropn.exe (PID: 132)
    • RELEVANTKNOWLEDGE mutex has been found

      • rundll32.exe (PID: 4300)
      • pmropn.exe (PID: 132)
    • Runs injected code in another process

      • rundll32.exe (PID: 4300)
    • Application was injected by another process

      • svchost.exe (PID: 1260)
    • ADWARE has been detected (SURICATA)

      • pmropn.exe (PID: 2088)
    • OSSPROXY has been detected (SURICATA)

      • pmropn.exe (PID: 2088)
  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • Visual Exploit_83725723.exe (PID: 7200)
    • Executable content was dropped or overwritten

      • Visual Exploit_83725723.exe (PID: 7200)
      • setup.exe (PID: 1132)
      • setup.exe (PID: 1272)
      • OperaGX.exe (PID: 1452)
      • setup.exe (PID: 1512)
      • setup.exe (PID: 6148)
      • setup.exe (PID: 7192)
      • ContentI3.exe (PID: 6256)
      • pmropn.exe (PID: 132)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 856)
      • installer.exe (PID: 7964)
      • installer.exe (PID: 7324)
      • installer.exe (PID: 9640)
      • installer.exe (PID: 9372)
    • Executes as Windows Service

      • GameBooster.exe (PID: 7228)
      • pmservice.exe (PID: 4572)
    • Creates a software uninstall entry

      • GameBooster.exe (PID: 7240)
      • pmropn.exe (PID: 132)
      • pmservice.exe (PID: 4572)
    • Reads security settings of Internet Explorer

      • Visual Exploit_83725723.exe (PID: 7200)
      • setup.exe (PID: 1272)
      • ContentI3.exe (PID: 6256)
      • pmropn.exe (PID: 132)
    • Application launched itself

      • setup.exe (PID: 1272)
      • GameBooster.exe (PID: 7228)
      • setup.exe (PID: 6148)
      • assistant_installer.exe (PID: 1660)
      • installer.exe (PID: 7324)
      • opera.exe (PID: 8528)
      • opera_autoupdate.exe (PID: 9812)
      • opera_autoupdate.exe (PID: 9936)
      • installer.exe (PID: 9640)
      • opera_autoupdate.exe (PID: 9568)
    • Starts itself from another location

      • setup.exe (PID: 1272)
    • Start notepad (likely ransomware note)

      • Visual Exploit_83725723.exe (PID: 7200)
    • Searches for installed software

      • pmropn.exe (PID: 132)
      • pmservice.exe (PID: 4572)
      • rundll32.exe (PID: 4300)
      • svchost.exe (PID: 1260)
      • reg.exe (PID: 5044)
    • Uses RUNDLL32.EXE to load library

      • pmservice.exe (PID: 4572)
    • Starts CMD.EXE for commands execution

      • pmservice.exe (PID: 4572)
    • Executes application which crashes

      • setup.exe (PID: 6148)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 9812)
    • Potential Corporate Privacy Violation

      • pmropn.exe (PID: 2088)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 7328)
      • msedge.exe (PID: 4692)
    • Checks supported languages

      • identity_helper.exe (PID: 2392)
      • Visual Exploit_83725723.exe (PID: 7200)
      • GameBooster.exe (PID: 7228)
      • GameBooster.exe (PID: 7240)
      • setup.exe (PID: 1272)
      • setup.exe (PID: 1132)
      • setup.exe (PID: 1512)
      • OperaGX.exe (PID: 1452)
      • GameBooster.exe (PID: 7368)
      • setup.exe (PID: 7192)
      • setup.exe (PID: 6148)
      • ContentI3.exe (PID: 6256)
      • pmservice.exe (PID: 4572)
      • pmropn.exe (PID: 132)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 856)
      • assistant_installer.exe (PID: 1660)
      • assistant_installer.exe (PID: 8152)
    • Reads the computer name

      • identity_helper.exe (PID: 2392)
      • Visual Exploit_83725723.exe (PID: 7200)
      • GameBooster.exe (PID: 7240)
      • GameBooster.exe (PID: 7228)
      • setup.exe (PID: 1272)
      • GameBooster.exe (PID: 7368)
      • setup.exe (PID: 6148)
      • ContentI3.exe (PID: 6256)
      • pmropn.exe (PID: 132)
      • pmservice.exe (PID: 4572)
      • assistant_installer.exe (PID: 1660)
    • The sample compiled with english language support

      • msedge.exe (PID: 7328)
      • Visual Exploit_83725723.exe (PID: 7200)
      • setup.exe (PID: 1132)
      • setup.exe (PID: 1272)
      • OperaGX.exe (PID: 1452)
      • setup.exe (PID: 6148)
      • setup.exe (PID: 7192)
      • setup.exe (PID: 1512)
      • pmropn.exe (PID: 132)
      • ContentI3.exe (PID: 6256)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 856)
      • installer.exe (PID: 7324)
      • installer.exe (PID: 9640)
      • installer.exe (PID: 9372)
      • installer.exe (PID: 7964)
    • Reads Environment values

      • identity_helper.exe (PID: 2392)
    • Creates files or folders in the user directory

      • Visual Exploit_83725723.exe (PID: 7200)
      • setup.exe (PID: 1272)
      • ContentI3.exe (PID: 6256)
      • pmropn.exe (PID: 132)
      • setup.exe (PID: 6148)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7328)
      • WinRAR.exe (PID: 2284)
    • Reads the software policy settings

      • slui.exe (PID: 6388)
      • Visual Exploit_83725723.exe (PID: 7200)
      • GameBooster.exe (PID: 7228)
      • setup.exe (PID: 1272)
      • slui.exe (PID: 3956)
      • pmropn.exe (PID: 132)
      • pmservice.exe (PID: 4572)
    • Creates files in the program directory

      • Visual Exploit_83725723.exe (PID: 7200)
      • ContentI3.exe (PID: 6256)
      • pmropn.exe (PID: 132)
      • reg.exe (PID: 5044)
      • pmservice.exe (PID: 4572)
    • Reads the machine GUID from the registry

      • Visual Exploit_83725723.exe (PID: 7200)
      • setup.exe (PID: 1272)
      • pmropn.exe (PID: 132)
      • pmservice.exe (PID: 4572)
    • Create files in a temporary directory

      • setup.exe (PID: 1132)
      • setup.exe (PID: 1512)
      • setup.exe (PID: 1272)
      • OperaGX.exe (PID: 1452)
      • setup.exe (PID: 6148)
      • setup.exe (PID: 7192)
      • Visual Exploit_83725723.exe (PID: 7200)
      • ContentI3.exe (PID: 6256)
      • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 856)
    • Checks proxy server information

      • setup.exe (PID: 1272)
      • Visual Exploit_83725723.exe (PID: 7200)
      • pmropn.exe (PID: 132)
    • Process checks computer location settings

      • Visual Exploit_83725723.exe (PID: 7200)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 2244)
    • OSSPROXY has been detected

      • ContentI3.exe (PID: 6256)
      • pmservice.exe (PID: 4572)
      • cmd.exe (PID: 1324)
      • cmd.exe (PID: 6456)
    • Manual execution by a user

      • opera.exe (PID: 8528)
      • visual.exe (PID: 7856)
      • visual.exe (PID: 8968)
      • visual.exe (PID: 2320)
      • visual.exe (PID: 6132)
      • visual.exe (PID: 8756)
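The MALICIOUS and SUSPICIOUS signatures above are behaviour patterns over process telemetry, so they can be re-expressed as hunting logic for an EDR or Sysmon pipeline. The Python below is an added example, not code from ANY.RUN or from this report. Its event list is constructed from the parent/child pairs and command lines shown on this page; the fields the page does not give (the path and parent of pmservice.exe, the allowlist of parents permitted to call CheckNetIsolation, the burst threshold, the benign control event) are assumptions marked in the comments. It goes one step beyond the single command line on the page by counting LoopbackExempt additions per parent, since one exemption can be legitimate while a burst from an installer is the signal.

```python
"""Re-express the behaviour signatures above as checks over process telemetry.

Added example (not ANY.RUN code).  EVENTS is constructed from the parent/child
pairs and command lines shown in this report; fields the page does not give
are marked as assumptions.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# Mutex names from the MALICIOUS section of the report.
KNOWN_MUTEXES = {"OSSPROXY", "PREMIEROPINION", "RELEVANTKNOWLEDGE"}

# Assumption: parents allowed to add AppContainer loopback exemptions in this
# environment (developer tooling).  Tune for your estate.
LOOPBACK_EXEMPT_ALLOWLIST = {"devenv.exe"}
# Assumption: the graph shows dozens of CheckNetIsolation spawns; treat three
# or more from one parent as a burst, a single one as possibly benign.
LOOPBACK_EXEMPT_THRESHOLD = 3

CHECKNETISOLATION_CMD = ("CheckNetIsolation.exe LoopbackExempt -a "
                         "-n=microsoft.windows.capturepicker_cw5n1h2txyewy")

EVENTS = [
    # Process information section: pmropn.exe launched by ContentI3.exe.
    {"pid": 132, "parent": "ContentI3.exe", "is_service": False,
     "image": r"C:\Program Files (x86)\PremierOpinion\pmropn.exe",
     "cmdline": r"C:\Program Files (x86)\PremierOpinion\pmropn.exe -install "
                r"-uninst:PremierOpinion -t:InstallUnion -bid:$7g5hW$P4UDUswPiNhPOPN -o:0",
     "mutexes": {"OSSPROXY", "PREMIEROPINION", "RELEVANTKNOWLEDGE"}},
    # "Executes as Windows Service".  Path and parent are assumptions; the page
    # gives only the image name pmservice.exe.
    {"pid": 4572, "parent": "services.exe", "is_service": True,
     "image": r"C:\Program Files (x86)\PremierOpinion\pmservice.exe",
     "cmdline": "pmservice.exe", "mutexes": set()},
    # "Uses RUNDLL32.EXE to load library" / "Starts CMD.EXE" on pmservice.exe.
    {"pid": 4300, "parent": "pmservice.exe", "is_service": False,
     "image": r"C:\Windows\System32\rundll32.exe", "cmdline": "rundll32.exe",
     "mutexes": {"RELEVANTKNOWLEDGE"}},
    {"pid": 1324, "parent": "pmservice.exe", "is_service": False,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe", "mutexes": set()},
    # CheckNetIsolation spawned by pmropn.exe.  The page shows one command line;
    # it is repeated here with constructed PIDs to model the burst in the graph.
    *[{"pid": 616 + i, "parent": "pmropn.exe", "is_service": False,
       "image": r"C:\Windows\SysWOW64\CheckNetIsolation.exe",
       "cmdline": CHECKNETISOLATION_CMD, "mutexes": set()} for i in range(3)],
    # Constructed benign control: one exemption added by a developer tool.
    {"pid": 9000, "parent": "devenv.exe", "is_service": False,
     "image": r"C:\Windows\System32\CheckNetIsolation.exe",
     "cmdline": "CheckNetIsolation.exe LoopbackExempt -a -n=contoso.devapp_abc123",
     "mutexes": set()},
]


def _basename(path):
    return PureWindowsPath(path).name.lower()


def _under_windows_dir(path):
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return len(parts) > 1 and parts[1] == "windows"


def detect(events):
    """Return (rule, pid, detail) findings for the three behaviours discussed above."""
    by_name = {_basename(e["image"]): e for e in events}
    findings = []
    exemptions = defaultdict(list)  # parent image -> CheckNetIsolation pids

    for ev in events:
        image, parent = _basename(ev["image"]), ev["parent"].lower()

        # 1. Mutex names tied to OSSProxy / PremierOpinion / RelevantKnowledge.
        for mutex in sorted(KNOWN_MUTEXES & {m.upper() for m in ev["mutexes"]}):
            findings.append(("known_mutex", ev["pid"], mutex))

        # 2. A service binary outside C:\Windows spawning rundll32.exe or cmd.exe.
        svc = by_name.get(parent)
        if (image in ("rundll32.exe", "cmd.exe") and svc and svc["is_service"]
                and not _under_windows_dir(svc["image"])):
            findings.append((f"third_party_service_spawns_{image[:-4]}", ev["pid"], parent))

        # 3. Collect AppContainer loopback exemptions per parent process.
        if image == "checknetisolation.exe" and "loopbackexempt -a" in ev["cmdline"].lower():
            exemptions[parent].append(ev["pid"])

    for parent, pids in exemptions.items():
        if parent not in LOOPBACK_EXEMPT_ALLOWLIST and len(pids) >= LOOPBACK_EXEMPT_THRESHOLD:
            findings.append(("loopback_exempt_burst", pids[0],
                             f"{parent} added {len(pids)} exemptions"))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(EVENTS):
        print(f"{rule:40} pid={pid:<5} {detail}")
```

Run as a script it prints the findings: the three mutex names on pmropn.exe, RELEVANTKNOWLEDGE on rundll32.exe, the pmservice.exe to rundll32.exe and cmd.exe pairs, and one loopback-exemption burst attributed to pmropn.exe, while the developer-tool control event produces nothing.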
No Malware configuration.
All screenshots are available in the full report
Total processes: 455
Monitored processes: 308
Malicious processes: 9
Suspicious processes: 3

Behavior graph

Behavior graph node labels (the graph itself is rendered interactively in the full report). Tagged nodes: #PREMIEROPINION contenti3.exe, #RELEVANTKNOWLEDGE pmropn.exe, #RELEVANTKNOWLEDGE rundll32.exe, #OSSPROXY pmropn.exe. Other nodes, in graph order: msedge.exe (many instances), sppextcomobj.exe, slui.exe, identity_helper.exe, visual exploit_83725723.exe, gamebooster.exe, operagx.exe, setup.exe (several), notepad.exe, pmservice.exe, reg.exe, conhost.exe, opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe, assistant_installer.exe, installer.exe, winrar.exe, UIAutomationCrossBitnessHook32 Class, opera.exe (many instances), unsecapp.exe, cmd.exe, pmropn64.exe, pmropn32.exe, opera_crashreporter.exe, werfault.exe, repeated checknetisolation.exe / conhost.exe pairs, opera_gx_splash.exe, opera_autoupdate.exe, comppkgsrv.exe, visual.exe, svchost.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
132
CMD:
C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:$7g5hW$P4UDUswPiNhPOPN -o:0
Path:
C:\Program Files (x86)\PremierOpinion\pmropn.exe
Parent process:
ContentI3.exe
User:
admin
Company:
VoiceFive, Inc.
Integrity Level:
HIGH
Description:
PremierOpinion
Exit code:
0
Version:
1.3.340.310 (Build 340.310)
Modules
Images
c:\program files (x86)\premieropinion\pmropn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\rpcrt4.dll
PID:
496
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4684 --field-trial-handle=2440,i,13143369737902075377,6069578302830786556,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
540
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6208 --field-trial-handle=2440,i,13143369737902075377,6069578302830786556,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
616
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
CheckNetIsolation.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
616
CMD:
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.capturepicker_cw5n1h2txyewy
Path:
C:\Windows\SysWOW64\CheckNetIsolation.exe
Parent process:
pmropn.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
AppContainer Network Isolation Diagnostic Tool
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\checknetisolation.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
PID:
668
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6672 --field-trial-handle=2440,i,13143369737902075377,6069578302830786556,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
736
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=off --with-feature:panic-button=on --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest10-test:DNA-99214_GXCTest10,GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=2576,i,13969720923107714770,8227730855456523777,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
118.0.5461.133
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.133\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
856
CMD:
"C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202505211422281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
Path:
C:\Users\admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202505211422281\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Parent process:
setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Opera installer SFX
Exit code:
0
Version:
73.0.3856.382
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera gx installer temp\opera_package_202505211422281\assistant\opera_gx_assistant_73.0.3856.382_setup.exe_sfx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID:
920
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 OPR/118.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=off --with-feature:panic-button=on --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest10-test:DNA-99214_GXCTest10,GXCTest50-test:DNA-99214_GXCTest50 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6512,i,13969720923107714770,8227730855456523777,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:2
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
118.0.5461.133
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.133\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
968
CMD:
"C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 OPR/118.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=off --with-feature:address-bar-dropdown-keyword-ads=on --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:ai-writing-mode-in-context-menu=on --with-feature:aria-in-tab-view=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-april1st=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:hide-navigations-from-extensions=on --with-feature:keywords-from-backend=off --with-feature:panic-button=on --with-feature:play-again=on --with-feature:realtime-impressions-reporting=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --ab_tests=GXCTest10-test:DNA-99214_GXCTest10,GXCTest50-test:DNA-99214_GXCTest50 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4640,i,13969720923107714770,8227730855456523777,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:1
Path:
C:\Users\admin\AppData\Local\Programs\Opera GX\opera.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
LOW
Description:
Opera GX Internet Browser
Exit code:
0
Version:
118.0.5461.133
Modules
Images
c:\users\admin\appdata\local\programs\opera gx\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera gx\118.0.5461.133\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events: 60 239
Read events: 59 536
Write events: 470
Delete events: 233

Modification events

(PID) Process: (1260) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2AF3602-9179-4BAE-85B3-74A4EF5CF51F}
Operation: write
Name: DynamicInfo
Value: 03000000BDCB09F80A59DA014A8F908E5BCADB01000000000000000047B929915BCADB01

(PID) Process: (7328) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (7328) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (7328) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (7328) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (7328) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 59F6505B3C942F00

(PID) Process: (7328) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 4B5C585B3C942F00

(PID) Process: (7328) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393876
Operation: write
Name: WindowTabManagerFileMappingId
Value: {B88BA439-4AC2-4022-8CC3-29D6C8FFC51E}

(PID) Process: (7328) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393876
Operation: write
Name: WindowTabManagerFileMappingId
Value: {3E4947BA-04A8-4F9B-8FA9-1300B810DF0F}

(PID) Process: (7328) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393876
Operation: write
Name: WindowTabManagerFileMappingId
Value: {0FAB3184-C9DB-4178-B319-462181DFD968}
Executable files: 69
Suspicious files: 588
Text files: 347
Unknown types: 1

Dropped files

PID | Process | Filename | Type
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b538.TMP | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b538.TMP | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b548.TMP | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b548.TMP | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b548.TMP | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | -
7328 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | -
(Type, MD5 and SHA256 are not recorded for these files.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 73
TCP/UDP connections: 235
DNS requests: 161
Threats: 15

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | - | unknown | - | whitelisted
6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | - | unknown | - | whitelisted
6872 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | - | unknown | - | whitelisted
2104 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | - | unknown | - | whitelisted
6872 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | - | unknown | - | whitelisted
7200 | Visual Exploit_83725723.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | - | unknown | - | whitelisted
7200 | Visual Exploit_83725723.exe | GET | 200 | 216.58.212.163:80 | http://c.pki.goog/r/gsr1.crl | - | unknown | - | whitelisted
7200 | Visual Exploit_83725723.exe | GET | 200 | 216.58.212.163:80 | http://o.pki.goog/s/wr3/7DM/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEQDsM1CuTUMozAlVORf8Ight | - | unknown | - | whitelisted
7200 | Visual Exploit_83725723.exe | GET | 200 | 216.58.212.163:80 | http://c.pki.goog/r/r1.crl | - | unknown | - | whitelisted
- | - | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | - | unknown | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5496 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
7328 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
7596 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7596 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7596 | msedge.exe | 13.107.253.45:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
www.microsoft.com
  • 23.35.229.160
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
filedm.com
  • 104.21.64.1
  • 104.21.48.1
  • 104.21.112.1
  • 104.21.96.1
  • 104.21.32.1
  • 104.21.80.1
  • 104.21.16.1
malicious
business.bing.com
  • 13.107.9.158
whitelisted
www.bing.com
whitelisted
www.googletagmanager.com
  • 142.250.185.200
whitelisted
fonts.googleapis.com
  • 142.250.184.202
  • 216.58.212.170
whitelisted
fonts.gstatic.com
  • 172.217.18.99
  • 142.250.186.35
whitelisted

Threats

PID | Process | Class | Message
7596 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7596 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7596 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7596 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7596 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
7596 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
7228 | GameBooster.exe | Misc activity | ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)
7228 | GameBooster.exe | Misc activity | ET INFO Cloudflare DNS Over HTTPS Certificate Inbound
2088 | pmropn.exe | Potential Corporate Privacy Violation | ET ADWARE_PUP Suspected PUP/PUA User-Agent (OSSProxy)
2088 | pmropn.exe | Potential Corporate Privacy Violation | ET ADWARE_PUP Suspected PUP/PUA User-Agent (OSSProxy)
Debug info: none