Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 23:31 UTC

General

  • Target

    33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe

  • Size

    2.0MB

  • MD5

    5d1996a8f9b5d1ca4e0677a41f3871af

  • SHA1

    0b94f2dafedab762e17ad38ea8fa8498b46390e1

  • SHA256

    33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763

  • SHA512

    3a554727d43c44680259b13946c726ea19e00e01bc2dd1da364d04ffdad9ca4cd7fafb2c1f7f9f231ac1e952b254e33aa89431c1199e64fdfa5dd8eda30268c5

  • SSDEEP

    49152:DVAbwuGwKOco09gsJcxlV8fTguPOAItUIrhO5Ov:pApQx5+Mc27g9tfoMv

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe
    "C:\Users\Admin\AppData\Local\Temp\33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe
        C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x32c,0x330,0x334,0x300,0x338,0x74d5a174,0x74d5a180,0x74d5a18c
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2696
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2676
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1560
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe" --version
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1348
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.30 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x918f40,0x918f4c,0x918f58
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:868
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
    1⤵
      PID:456

Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      81.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.144.22.2.in-addr.arpa
      IN PTR
      Response
      81.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-81.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      desktop-netinstaller-sub.osp.opera.software
      setup.exe
      Remote address:
      8.8.8.8:53
      Request
      desktop-netinstaller-sub.osp.opera.software
      IN A
      Response
      desktop-netinstaller-sub.osp.opera.software
      IN CNAME
      submit-target.osp.opera.software
      submit-target.osp.opera.software
      IN CNAME
      submit.geo.opera.com
      submit.geo.opera.com
      IN CNAME
      submit-am4.osp.opera.software
      submit-am4.osp.opera.software
      IN A
      82.145.217.121
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 461
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:31:40 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 205
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:31:40 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 199
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:31:41 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 193
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:31:41 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 296
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:31:41 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-us
      DNS
      121.217.145.82.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      121.217.145.82.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      autoupdate.geo.opera.com
      setup.exe
      Remote address:
      8.8.8.8:53
      Request
      autoupdate.geo.opera.com
      IN A
      Response
      autoupdate.geo.opera.com
      IN CNAME
      eu-autoupdate.opera.com
      eu-autoupdate.opera.com
      IN A
      185.26.182.124
      eu-autoupdate.opera.com
      IN A
      185.26.182.123
    • flag-nl
      GET
      https://autoupdate.geo.opera.com/geolocation/
      setup.exe
      Remote address:
      185.26.182.124:443
      Request
      GET /geolocation/ HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Host: autoupdate.geo.opera.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Mon, 19 Aug 2024 23:31:41 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Allow: HEAD, GET
      Cache-Control: no-cache, no-store, must-revalidate, max-age=0
      Pragma: no-cache
      Expires: Thu, 1 Jan 1970 00:00:01 GMT
      X-Content-Type-Options: nosniff
      Referrer-Policy: same-origin
      Cross-Origin-Opener-Policy: same-origin
      Strict-Transport-Security: max-age=31536000; includeSubDomains
    • flag-nl
      POST
      https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64
      setup.exe
      Remote address:
      185.26.182.124:443
      Request
      POST /v5/netinstaller/opera/Stable/windows/x64 HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Host: autoupdate.geo.opera.com
      Content-Length: 256
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Mon, 19 Aug 2024 23:31:41 GMT
      Content-Type: application/json; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Allow: GET, HEAD, POST
      Cache-Control: no-cache, no-store, must-revalidate, max-age=0
      Pragma: no-cache
      Expires: Thu, 1 Jan 1970 00:00:01 GMT
      X-Content-Type-Options: nosniff
      Referrer-Policy: same-origin
      Cross-Origin-Opener-Policy: same-origin
      Strict-Transport-Security: max-age=31536000; includeSubDomains
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0795A58371856459073CB163706565AF; domain=.bing.com; expires=Sat, 13-Sep-2025 23:31:41 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8A29018946F74071A89B514D6121F0F2 Ref B: LON04EDGE1209 Ref C: 2024-08-19T23:31:41Z
      date: Mon, 19 Aug 2024 23:31:41 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0795A58371856459073CB163706565AF
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=rEcm8OpENXBXtWaIT5xXp0qIw8OHRjCJdWyjPPzDjZw; domain=.bing.com; expires=Sat, 13-Sep-2025 23:31:41 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D04DA41910BD48BCA3EEFFEA7477D0B4 Ref B: LON04EDGE1209 Ref C: 2024-08-19T23:31:41Z
      date: Mon, 19 Aug 2024 23:31:41 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0795A58371856459073CB163706565AF; MSPTC=rEcm8OpENXBXtWaIT5xXp0qIw8OHRjCJdWyjPPzDjZw
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 28DA6740AEDC4C8D851984FDAF378410 Ref B: LON04EDGE1209 Ref C: 2024-08-19T23:31:41Z
      date: Mon, 19 Aug 2024 23:31:41 GMT
    • flag-us
      DNS
      features.opera-api2.com
      setup.exe
      Remote address:
      8.8.8.8:53
      Request
      features.opera-api2.com
      IN A
      Response
      features.opera-api2.com
      IN CNAME
      features-2.geo.opera.com
      features-2.geo.opera.com
      IN CNAME
      ams-features.opera-api2.com
      ams-features.opera-api2.com
      IN CNAME
      ams.lb.opera.technology
      ams.lb.opera.technology
      IN A
      185.26.182.93
      ams.lb.opera.technology
      IN A
      185.26.182.106
      ams.lb.opera.technology
      IN A
      185.26.182.94
      ams.lb.opera.technology
      IN A
      185.26.182.112
      ams.lb.opera.technology
      IN A
      185.26.182.118
      ams.lb.opera.technology
      IN A
      185.26.182.111
    • flag-us
      DNS
      download.opera.com
      setup.exe
      Remote address:
      8.8.8.8:53
      Request
      download.opera.com
      IN A
      Response
      download.opera.com
      IN CNAME
      download.geo.opera.com
      download.geo.opera.com
      IN CNAME
      eu-download.opera.com
      eu-download.opera.com
      IN A
      185.26.182.122
      eu-download.opera.com
      IN A
      185.26.182.117
    • flag-nl
      GET
      https://features.opera-api2.com/api/v2/features?country=GB&language=en&uuid=7211b76f-fb15-4f37-ba59-14d0a13a1078&product=&channel=Stable&version=112.0.5197.53
      setup.exe
      Remote address:
      185.26.182.93:443
      Request
      GET /api/v2/features?country=GB&language=en&uuid=7211b76f-fb15-4f37-ba59-14d0a13a1078&product=&channel=Stable&version=112.0.5197.53 HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Host: features.opera-api2.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Mon, 19 Aug 2024 23:31:41 GMT
      Content-Type: application/json
      Content-Length: 1521
      Connection: keep-alive
      Cache-Control: max-age=3672
      Strict-Transport-Security: max-age=31536000; includeSubDomains
    • flag-nl
      GET
      https://download.opera.com/download/get/?id=67158&autoupdate=1&ni=1&stream=stable
      setup.exe
      Remote address:
      185.26.182.122:443
      Request
      GET /download/get/?id=67158&autoupdate=1&ni=1&stream=stable HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Host: download.opera.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 302 Found
      Server: nginx
      Date: Mon, 19 Aug 2024 23:31:41 GMT
      Content-Type: text/html; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: https://download5.operacdn.com/ftp/pub/opera/desktop/112.0.5197.53/win/Opera_112.0.5197.53_Autoupdate_x64.exe
      Strict-Transport-Security: max-age=31536000; includeSubDomains
    • flag-nl
      GET
      https://download.opera.com/download/get/?id=66940&autoupdate=1&ni=1
      setup.exe
      Remote address:
      185.26.182.122:443
      Request
      GET /download/get/?id=66940&autoupdate=1&ni=1 HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Host: download.opera.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 302 Found
      Server: nginx
      Date: Mon, 19 Aug 2024 23:32:08 GMT
      Content-Type: text/html; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      Strict-Transport-Security: max-age=31536000; includeSubDomains
    • flag-nl
      GET
      https://download.opera.com/download/get/?id=66940&autoupdate=1&ni=1
      setup.exe
      Remote address:
      185.26.182.122:443
      Request
      GET /download/get/?id=66940&autoupdate=1&ni=1 HTTP/1.1
      Range: bytes=2565227-
      User-Agent: Opera NetInstaller/112.0.5197.53
      Host: download.opera.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 302 Found
      Server: nginx
      Date: Mon, 19 Aug 2024 23:32:55 GMT
      Content-Type: text/html; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      Strict-Transport-Security: max-age=31536000; includeSubDomains
    • flag-nl
      GET
      https://download.opera.com/download/get/?id=66940&autoupdate=1&ni=1
      setup.exe
      Remote address:
      185.26.182.122:443
      Request
      GET /download/get/?id=66940&autoupdate=1&ni=1 HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Host: download.opera.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 302 Found
      Server: nginx
      Date: Mon, 19 Aug 2024 23:32:56 GMT
      Content-Type: text/html; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Location: https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      Strict-Transport-Security: max-age=31536000; includeSubDomains
    • flag-us
      DNS
      73.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      124.182.26.185.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      124.182.26.185.in-addr.arpa
      IN PTR
      Response
      124.182.26.185.in-addr.arpa
      IN PTR
      eu-autoupdate.opera.com
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      download5.operacdn.com
      setup.exe
      Remote address:
      8.8.8.8:53
      Request
      download5.operacdn.com
      IN A
      Response
      download5.operacdn.com
      IN A
      104.18.10.89
      download5.operacdn.com
      IN A
      104.18.11.89
    • flag-us
      GET
      https://download5.operacdn.com/ftp/pub/opera/desktop/112.0.5197.53/win/Opera_112.0.5197.53_Autoupdate_x64.exe
      setup.exe
      Remote address:
      104.18.10.89:443
      Request
      GET /ftp/pub/opera/desktop/112.0.5197.53/win/Opera_112.0.5197.53_Autoupdate_x64.exe HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Cache-Control: no-cache
      Host: download5.operacdn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 19 Aug 2024 23:31:42 GMT
      Content-Type: application/octet-stream
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Tue, 06 Aug 2024 13:47:42 GMT
      ETag: W/"66b2297e-6814968"
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      CF-Cache-Status: HIT
      Age: 553121
      Server: cloudflare
      CF-RAY: 8b5df04bcc65405e-LHR
    • flag-us
      GET
      https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      setup.exe
      Remote address:
      104.18.10.89:443
      Request
      GET /ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Cache-Control: no-cache
      Host: download5.operacdn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 19 Aug 2024 23:32:08 GMT
      Content-Type: application/octet-stream
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Fri, 19 Jul 2024 08:22:55 GMT
      ETag: W/"669a225f-29fff8"
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      CF-Cache-Status: HIT
      Age: 313463
      Server: cloudflare
      CF-RAY: 8b5df0f1dbc8405e-LHR
    • flag-us
      DNS
      93.182.26.185.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      93.182.26.185.in-addr.arpa
      IN PTR
      Response
      93.182.26.185.in-addr.arpa
      IN PTR
      vip01.ams.lb.opera.technology
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      122.182.26.185.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      122.182.26.185.in-addr.arpa
      IN PTR
      Response
      122.182.26.185.in-addr.arpa
      IN PTR
      eu-download.opera.com
    • flag-us
      DNS
      89.10.18.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      89.10.18.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 442
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:32:05 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 193
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:32:05 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 193
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:32:07 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 214
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:32:07 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 262
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:32:08 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
      Response
      73.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-73.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      setup.exe
      Remote address:
      104.18.10.89:443
      Request
      GET /ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe HTTP/1.1
      Range: bytes=2565227-
      User-Agent: Opera NetInstaller/112.0.5197.53
      Cache-Control: no-cache
      Host: download5.operacdn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 19 Aug 2024 23:32:56 GMT
      Content-Type: application/octet-stream
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Fri, 19 Jul 2024 08:22:55 GMT
      ETag: W/"669a225f-29fff8"
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      CF-Cache-Status: HIT
      Age: 313511
      Server: cloudflare
      CF-RAY: 8b5df21ad82e94eb-LHR
    • flag-us
      GET
      https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      setup.exe
      Remote address:
      104.18.10.89:443
      Request
      GET /ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe HTTP/1.1
      User-Agent: Opera NetInstaller/112.0.5197.53
      Cache-Control: no-cache
      Host: download5.operacdn.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 19 Aug 2024 23:32:56 GMT
      Content-Type: application/octet-stream
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Fri, 19 Jul 2024 08:22:55 GMT
      ETag: W/"669a225f-29fff8"
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      CF-Cache-Status: HIT
      Age: 313511
      Server: cloudflare
      CF-RAY: 8b5df21efb7494eb-LHR
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 213
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:32:57 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-nl
      POST
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      setup.exe
      Remote address:
      82.145.217.121:443
      Request
      POST /v1/binary HTTP/1.1
      Authorization: Basic dmFBZUV4c1JXQmViWm9McmNpVGlFSFpmWUdXeUlXMFo6
      User-Agent: Opera installer
      Host: desktop-netinstaller-sub.osp.opera.software
      Content-Length: 193
      Cache-Control: no-cache
      Response
      HTTP/1.1 201 CREATED
      Server: nginx/1.18.0
      Date: Mon, 19 Aug 2024 23:32:57 GMT
      Content-Type: text/html; charset=utf-8
      Content-Length: 36
      Connection: keep-alive
    • flag-us
      DNS
      58.99.105.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.99.105.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418555_1KV8ALUFBH6DDF1AN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340418555_1KV8ALUFBH6DDF1AN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 875278
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 19F16D7972BE4E76814A6BC83B5A79B8 Ref B: LON04EDGE0706 Ref C: 2024-08-19T23:33:22Z
      date: Mon, 19 Aug 2024 23:33:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 550329
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 06F2E2E9C6854E748601C9C66C5CFC19 Ref B: LON04EDGE0706 Ref C: 2024-08-19T23:33:22Z
      date: Mon, 19 Aug 2024 23:33:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 712275
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 7DC6EFBA07CB4573982DAF5B465D8457 Ref B: LON04EDGE0706 Ref C: 2024-08-19T23:33:22Z
      date: Mon, 19 Aug 2024 23:33:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388125_1VMOONLDU1IFR4WEP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388125_1VMOONLDU1IFR4WEP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 586035
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: AC834E59B1244BCBB60C262C7720EF2F Ref B: LON04EDGE0706 Ref C: 2024-08-19T23:33:22Z
      date: Mon, 19 Aug 2024 23:33:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388126_1L4W1T5VFYTHU9QO3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388126_1L4W1T5VFYTHU9QO3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 753155
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DFE6245BF6514A94B2EEB33E0E800F13 Ref B: LON04EDGE0706 Ref C: 2024-08-19T23:33:22Z
      date: Mon, 19 Aug 2024 23:33:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418556_19ZNSNV8II35KT0LW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340418556_19ZNSNV8II35KT0LW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 589124
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 81E28A0691BE42438D12D5F09B5A20DE Ref B: LON04EDGE0706 Ref C: 2024-08-19T23:33:24Z
      date: Mon, 19 Aug 2024 23:33:23 GMT
    • flag-us
      DNS
      10.28.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.28.171.150.in-addr.arpa
      IN PTR
      Response
    • 82.145.217.121:443
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      tls, http
      setup.exe
      3.9kB
      5.1kB
      23
      14

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201
    • 185.26.182.124:443
      https://autoupdate.geo.opera.com/geolocation/
      tls, http
      setup.exe
      1.1kB
      4.7kB
      14
      10

      HTTP Request

      GET https://autoupdate.geo.opera.com/geolocation/

      HTTP Response

      200
    • 185.26.182.124:443
      https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64
      tls, http
      setup.exe
      1.4kB
      5.4kB
      14
      10

      HTTP Request

      POST https://autoupdate.geo.opera.com/v5/netinstaller/opera/Stable/windows/x64

      HTTP Response

      200
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      tls, http2
      2.0kB
      9.3kB
      22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f94c4e08594545c882e13ad899e8dbb2&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204
    • 185.26.182.93:443
      https://features.opera-api2.com/api/v2/features?country=GB&language=en&uuid=7211b76f-fb15-4f37-ba59-14d0a13a1078&product=&channel=Stable&version=112.0.5197.53
      tls, http
      setup.exe
      1.2kB
      5.8kB
      15
      11

      HTTP Request

      GET https://features.opera-api2.com/api/v2/features?country=GB&language=en&uuid=7211b76f-fb15-4f37-ba59-14d0a13a1078&product=&channel=Stable&version=112.0.5197.53

      HTTP Response

      200
    • 185.26.182.122:443
      https://download.opera.com/download/get/?id=66940&autoupdate=1&ni=1
      tls, http
      setup.exe
      2.1kB
      5.5kB
      20
      15

      HTTP Request

      GET https://download.opera.com/download/get/?id=67158&autoupdate=1&ni=1&stream=stable

      HTTP Response

      302

      HTTP Request

      GET https://download.opera.com/download/get/?id=66940&autoupdate=1&ni=1

      HTTP Response

      302

      HTTP Request

      GET https://download.opera.com/download/get/?id=66940&autoupdate=1&ni=1

      HTTP Response

      302

      HTTP Request

      GET https://download.opera.com/download/get/?id=66940&autoupdate=1&ni=1

      HTTP Response

      302
    • 104.18.10.89:443
      https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      tls, http
      setup.exe
      5.9MB
      127.6MB
      91505
      91356

      HTTP Request

      GET https://download5.operacdn.com/ftp/pub/opera/desktop/112.0.5197.53/win/Opera_112.0.5197.53_Autoupdate_x64.exe

      HTTP Response

      200

      HTTP Request

      GET https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe

      HTTP Response

      200
    • 82.145.217.121:443
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      tls, http
      setup.exe
      7.9kB
      6.0kB
      33
      19

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201
    • 104.18.10.89:443
      https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe
      tls, http
      setup.exe
      195.6kB
      5.7MB
      4093
      4087

      HTTP Request

      GET https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe

      HTTP Response

      200

      HTTP Request

      GET https://download5.operacdn.com/ftp/pub/.assistant/112.0.5197.30/Assistant_112.0.5197.30_Setup.exe

      HTTP Response

      200
    • 82.145.217.121:443
      https://desktop-netinstaller-sub.osp.opera.software/v1/binary
      tls, http
      setup.exe
      2.0kB
      976 B
      14
      9

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201

      HTTP Request

      POST https://desktop-netinstaller-sub.osp.opera.software/v1/binary

      HTTP Response

      201
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.28.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340418556_19ZNSNV8II35KT0LW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      145.3kB
      4.2MB
      3081
      3073

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418555_1KV8ALUFBH6DDF1AN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388125_1VMOONLDU1IFR4WEP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388126_1L4W1T5VFYTHU9QO3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418556_19ZNSNV8II35KT0LW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      132 B
      90 B
      2
      1

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      144 B
      158 B
      2
      1

      DNS Request

      28.118.140.52.in-addr.arpa

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      81.144.22.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      81.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      desktop-netinstaller-sub.osp.opera.software
      dns
      setup.exe
      89 B
      192 B
      1
      1

      DNS Request

      desktop-netinstaller-sub.osp.opera.software

      DNS Response

      82.145.217.121

    • 8.8.8.8:53
      121.217.145.82.in-addr.arpa
      dns
      73 B
      134 B
      1
      1

      DNS Request

      121.217.145.82.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      autoupdate.geo.opera.com
      dns
      setup.exe
      70 B
      130 B
      1
      1

      DNS Request

      autoupdate.geo.opera.com

      DNS Response

      185.26.182.124
      185.26.182.123

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      features.opera-api2.com
      dns
      setup.exe
      69 B
      264 B
      1
      1

      DNS Request

      features.opera-api2.com

      DNS Response

      185.26.182.93
      185.26.182.106
      185.26.182.94
      185.26.182.112
      185.26.182.118
      185.26.182.111

    • 8.8.8.8:53
      download.opera.com
      dns
      setup.exe
      64 B
      149 B
      1
      1

      DNS Request

      download.opera.com

      DNS Response

      185.26.182.122
      185.26.182.117

    • 8.8.8.8:53
      73.31.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      73.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      124.182.26.185.in-addr.arpa
      dns
      73 B
      110 B
      1
      1

      DNS Request

      124.182.26.185.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      download5.operacdn.com
      dns
      setup.exe
      68 B
      100 B
      1
      1

      DNS Request

      download5.operacdn.com

      DNS Response

      104.18.10.89
      104.18.11.89

    • 8.8.8.8:53
      93.182.26.185.in-addr.arpa
      dns
      72 B
      115 B
      1
      1

      DNS Request

      93.182.26.185.in-addr.arpa

    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      122.182.26.185.in-addr.arpa
      dns
      73 B
      108 B
      1
      1

      DNS Request

      122.182.26.185.in-addr.arpa

    • 8.8.8.8:53
      89.10.18.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      89.10.18.104.in-addr.arpa

    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      73.144.22.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      73.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      216 B
      146 B
      3
      1

      DNS Request

      157.123.68.40.in-addr.arpa

      DNS Request

      157.123.68.40.in-addr.arpa

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      142 B
      145 B
      2
      1

      DNS Request

      206.23.85.13.in-addr.arpa

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      58.99.105.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      58.99.105.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      170 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      10.28.171.150.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      10.28.171.150.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BKKBWXOR\Assistant_112.0.5197.30_Setup[1].exe

      Filesize

      2.6MB

      MD5

      1bf64fd766bd850bcf8e0ffa9093484b

      SHA1

      01524bb2c88b7066391da291ee474004a4904891

      SHA256

      58794b1bf4d84bd7566ee89fd8a8a4157dc70c598d229ec5101959f30b6f3491

      SHA512

      cdf2830edc5d4f30beae41591f3a1bcff820f75444d70338a4c6d36e10df43475f383a9f291b619a008452c53e0dddf65547f217386389000535d6d264854e7f

    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe

      Filesize

      1.9MB

      MD5

      9afe96db501220cf42b262fdac954dc8

      SHA1

      d3471998f674b267256e72a30977a79abcd8fca9

      SHA256

      fc5608bf95bb02e889aa9be15abc5c066acd62ba07f886b323383e75909a2566

      SHA512

      ecff52ca7467e3948faa244c1fc7c3d4d1f1dbe74077d071b78147729a078cc6a676212e0606111edcf542d554045c4f5a4d502545b2f0a285cda6c5d0b69b27

    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\dbgcore.dll

      Filesize

      166KB

      MD5

      e0274730d20eb9571d59f2da20d165a2

      SHA1

      b746aeca5f7cbee0de163309c9d207c94f9b8d64

      SHA256

      c5c4c6430bcfe6118a4f499c94afa460401e369dc548a24688532c95fd202ec5

      SHA512

      d95998b69e6c3d25037e12e038f2773960de2d18df1af0342fd805c7c349bd630a21d0e0fe7490baaf274e90781ebf6a2667e64593f9d91174d040bfe640bddf

    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\dbghelp.dll

      Filesize

      1.7MB

      MD5

      6e9976cc7b2def7a37106703e47626a5

      SHA1

      edcb4758f8ee56e9c6515f912d5024aeca9ead50

      SHA256

      fd8840fab4b61db4e9e09168e5b1b4f0e9bfea0a64482fd475ab63c712b92b9c

      SHA512

      27091e6ad001dac22897a295806925e02f693096d79667e587de74ca955ffb9b2773b22c83e306e7164862524e02ad028e68684c2ca7d9e4da1ff03787dd40ca

    • C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe

      Filesize

      5.2MB

      MD5

      44908c157516d82119d84a3b1c4a31f7

      SHA1

      dea19891d14b4e3598844f624c919b0dc5ce236f

      SHA256

      be21539218a31ff278f218a172b9972f4d8978a281387acdadf9a25b86e30b1a

      SHA512

      5a83d45533202ba573941d041619bd7f17e997f352f73528029d1f07da9a26c4f50f1cf77c822f972b596fa75bd2eeb0bca8170d89343d8b590ba869be058106

    • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408192331373012908.dll

      Filesize

      4.7MB

      MD5

      d7b7e0f7865a3cc624e95cefe2bc205c

      SHA1

      1352733bfaa54292d1457d3f7a87069c00a1f56f

      SHA256

      94028494f0c28a14f21179ef4096e0c52f1d022a5ad65b070f0d8584b500b597

      SHA512

      e5bced68446f702de4236a6f11ec005bc5233915ff689693a1894afe7ea924ca6d6d8ae722b12daa0ee0b4e35223606a55f13b34db648bfb24e96a76e834ff08

    • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

      Filesize

      40B

      MD5

      a8bbc0840cbab8fffc8171aa248b9067

      SHA1

      adcd260ead3af163409357699ce7f5a4e2f46fdd

      SHA256

      d6289e9a90f986740a76822603a4c49f1e237b20946cf16050dfe719b6d167f6

      SHA512

      90d88d555d66ba5ee129bc749777b7851892cf60df796e95b2ed12c9c113cba91f2000e85a47c90741c2c1494b16281b5251b11fc4a3b81e0d389bce24708c4c
