any.run
Open in
urlscan Pro
2606:4700:10::6816:304a
Public Scan
URL:
https://any.run/report/bf804da93cf53cc55783cb3aedd3ed489e919273e678fd059bbe5295278a7da3/f0628bd4-0cda-41ff-8a57-...
Submission: On August 05 via manual from US — Scanned from DE
Submission: On August 05 via manual from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
We're sorry but any.run reports doesn't work properly without JavaScript
enabled. Please enable it to continue.
analyze malware
* Huge database of samples and IOCs
* Custom VM setup
* Unlimited submissions
* Interactive approach
Sign up, it’s free
General
Behavior
MalConf
Static information
Video
Screenshots
System events
* Process
* Registry activity
* Files activity
* Debug
Network
GENERAL INFO
Add for printing
URL:
HTTPS://DOWNLOADONELAUNCHNOW.COM
Full analysis: https://app.any.run/tasks/f0628bd4-0cda-41ff-8a57-a68796ae8ed9
Verdict: Malicious activity Analysis date: July 14, 2023 at 18:44:26 OS: Windows
7 Professional Service Pack 1 (build: 7601, 32 bit) Indicators:
MD5:
07A41AB112E5564A8086577B88459AD4
SHA1:
35EE87176B33B3D34D04BEDF3E8C1A3AA4633087
SHA256:
BF804DA93CF53CC55783CB3AEDD3ED489E919273E678FD059BBE5295278A7DA3
SSDEEP:
3:N8SEK0LLAFGT:2SYAS
ANY.RUN is an interactive service which provides full access to the guest
system. Information in this report could be distorted by user actions and is
provided for user acknowledgement as it is. ANY.RUN does not guarantee
maliciousness or safety of the content.
SOFTWARE ENVIRONMENT SET AND ANALYSIS OPTIONS
LAUNCH CONFIGURATION
Task duration: 300 secondsHeavy Evasion option: offNetwork geolocation:
offAdditional time used: 240 secondsMITM proxy: offPrivacy: Public
submissionFakenet option: offRoute via Tor: offAutoconfirmation of UAC:
onNetwork: on
SOFTWARE PRESET
* Internet Explorer 11.0.9600.19596 KB4534251
* Adobe Acrobat Reader DC (20.013.20064)
* Adobe Acrobat Reader DC (20.013.20064)
* Adobe Flash Player 32 ActiveX (32.0.0.453)
* Adobe Flash Player 32 ActiveX (32.0.0.453)
* Adobe Flash Player 32 NPAPI (32.0.0.453)
* Adobe Flash Player 32 NPAPI (32.0.0.453)
* Adobe Flash Player 32 PPAPI (32.0.0.453)
* Adobe Flash Player 32 PPAPI (32.0.0.453)
* Adobe Refresh Manager (1.8.0)
* Adobe Refresh Manager (1.8.0)
* CCleaner (5.74)
* CCleaner (5.74)
* FileZilla Client 3.51.0 (3.51.0)
* FileZilla Client 3.51.0 (3.51.0)
* Google Chrome (86.0.4240.198)
* Google Chrome (86.0.4240.198)
* Google Update Helper (1.3.36.31)
* Google Update Helper (1.3.36.31)
* Java 8 Update 271 (8.0.2710.9)
* Java 8 Update 271 (8.0.2710.9)
* Java Auto Updater (2.8.271.9)
* Java Auto Updater (2.8.271.9)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft Edge (109.0.1518.115)
* Microsoft Edge (109.0.1518.115)
* Microsoft Edge Update (1.3.175.29)
* Microsoft Edge Update (1.3.175.29)
* Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
* Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil)
(14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil)
(14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
* Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
* Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Professional 2010 (14.0.6029.1000)
* Microsoft Office Professional 2010 (14.0.6029.1000)
* Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
* Microsoft Office Proof (English) 2010 (14.0.6029.1000)
* Microsoft Office Proof (English) 2010 (14.0.6029.1000)
* Microsoft Office Proof (French) 2010 (14.0.6029.1000)
* Microsoft Office Proof (French) 2010 (14.0.6029.1000)
* Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
* Microsoft Office Proof (German) 2010 (14.0.4763.1000)
* Microsoft Office Proof (German) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
* Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
* Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
* Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
* Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010
(14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010
(14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Single Image 2010 (14.0.6029.1000)
* Microsoft Office Single Image 2010 (14.0.6029.1000)
* Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(9.0.30729.6161)
* Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(9.0.30729.6161)
* Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
* Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
* Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
* Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
* Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
(14.36.32532.0)
* Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
(14.36.32532.0)
* Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
* Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
* Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
* Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
* Mozilla Firefox (x86 en-US) (115.0.2)
* Mozilla Firefox (x86 en-US) (115.0.2)
* Mozilla Maintenance Service (115.0.2)
* Mozilla Maintenance Service (115.0.2)
* Notepad++ (32-bit x86) (7.9.1)
* Notepad++ (32-bit x86) (7.9.1)
* Opera 12.15 (12.15.1748)
* Opera 12.15 (12.15.1748)
* PowerShell 7-x86 (7.2.11.0)
* PowerShell 7-x86 (7.2.11.0)
* Skype version 8.29 (8.29)
* Skype version 8.29 (8.29)
* VLC media player (3.0.11)
* VLC media player (3.0.11)
* WinRAR 5.91 (32-bit) (5.91.0)
* WinRAR 5.91 (32-bit) (5.91.0)
HOTFIXES
BEHAVIOR ACTIVITIES
Add for printing
* MALICIOUS
No malicious indicators.
* SUSPICIOUS
No suspicious indicators.
* INFO
* READS THE COMPUTER NAME
* wmpnscfg.exe (PID: 3268)
* CHECKS SUPPORTED LANGUAGES
* wmpnscfg.exe (PID: 3268)
* APPLICATION LAUNCHED ITSELF
* firefox.exe (PID: 3468)
* firefox.exe (PID: 3836)
* MANUAL EXECUTION BY A USER
* wmpnscfg.exe (PID: 3268)
* THE PROCESS CHECKS LSA PROTECTION
* slui.exe (PID: 916)
* wmpnscfg.exe (PID: 3268)
* READS THE MACHINE GUID FROM THE REGISTRY
* wmpnscfg.exe (PID: 3268)
* EXECUTABLE CONTENT WAS DROPPED OR OVERWRITTEN
* firefox.exe (PID: 3836)
Find more information about signature artifacts and mapping to MITRE ATT&CK™
MATRIX at the full report
MALWARE CONFIGURATION
Add for printing
No Malware configuration.
STATIC INFORMATION
Add for printing
No data.
VIDEO AND SCREENSHOTS
Add for printing
All screenshots are available in the full report
All screenshots are available in the full report
PROCESSES
Add for printing
Total processes
48
Monitored processes
13
Malicious processes
0
Suspicious processes
0
BEHAVIOR GRAPH
Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs
firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no
specs firefox.exe no specs firefox.exe no specs firefox.exe no specs
wmpnscfg.exe no specs slui.exe no specs
- +
SPECS DESCRIPTION
* Program did not start
* Low-level access to the HDD
* Process was added to the startup
* Debug information is available
* Probably Tor was used
* Behavior similar to spam
* Task has injected processes
* Executable file was dropped
* Known threat
* RAM overrun
* Network attacks were detected
* Integrity level elevation
* Connects to the network
* CPU overrun
* Process starts the services
* System was rebooted
* Task contains several apps running
* Application downloaded the executable file
* Actions similar to stealing personal data
* Task has apps ended with an error
* File is detected by antivirus software
* Inspected object has suspicious PE structure
* Behavior similar to exploiting the vulnerability
* Task contains an error or was rebooted
* The process has the malware config
PROCESS INFORMATION
PID
CMD
Path
Indicators
Parent process
3468"C:\Program Files\Mozilla Firefox\firefox.exe"
"https://downloadonelaunchnow.com"C:\Program Files\Mozilla
Firefox\firefox.exe—explorer.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
115.0.2
MODULES
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* Next
*
3836"C:\Program Files\Mozilla Firefox\firefox.exe"
https://downloadonelaunchnow.comC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* …
* 15
* Next
*
280"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.0.2048005219\1133799334" -parentBuildID 20230710165010
-prefsHandle 1092 -prefMapHandle 1084 -prefsLen 25853 -prefMapSize 243323
-appDir "C:\Program Files\Mozilla Firefox\browser" -
{9b06da53-ae04-4f00-bf42-5b3be9b971c7} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 1176 d47b500 gpuC:\Program Files\Mozilla
Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
2044"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.1.1233655429\464071188" -parentBuildID 20230710165010
-prefsHandle 1408 -prefMapHandle 1404 -prefsLen 25929 -prefMapSize 243323
-appDir "C:\Program Files\Mozilla Firefox\browser" -
{78aeebb7-6000-419a-80a1-520c6999b295} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 1420 cbbb2c0 socketC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* Next
*
1356"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.2.1422227169\1796908071" -childID 1 -isForBrowser -prefsHandle
2144 -prefMapHandle 1988 -prefsLen 24503 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {cee634e9-13d7-4d8f-803b-3544b995ff46} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 2156 cbf5c90 tabC:\Program Files\Mozilla
Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
3796"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.3.1171630511\339021618" -childID 2 -isForBrowser -prefsHandle
1744 -prefMapHandle 1948 -prefsLen 27510 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {13c09432-53c1-4331-8d93-076434400a80} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 2340 156673f0 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
2728"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.4.620507296\1378216651" -childID 3 -isForBrowser -prefsHandle
2548 -prefMapHandle 2552 -prefsLen 24645 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {fdcf7522-cb71-40f4-bbf0-8bbd75c2def5} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 2536 15667560 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
3816"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.5.2034636916\848232450" -parentBuildID 20230710165010
-prefsHandle 3116 -prefMapHandle 3112 -prefsLen 27916 -prefMapSize 243323
-appDir "C:\Program Files\Mozilla Firefox\browser" -
{b92242c3-83a7-4d24-a1c4-c689d8967deb} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 3128 1f167120 rddC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* 9
* Next
*
2836"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.6.1637748223\212242350" -childID 4 -isForBrowser -prefsHandle
3860 -prefMapHandle 3852 -prefsLen 29711 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {db7656fb-f6aa-423c-b5b9-32d2101e8410} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 3884 1f6f53f0 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
3428"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.7.814563364\1482745490" -childID 5 -isForBrowser -prefsHandle
3532 -prefMapHandle 3856 -prefsLen 29711 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {368b7197-991e-4f64-828d-e024dc3410b5} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 3988 21f4eb20 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
* Previous
* 1
* 2
* Next
*
10
* 10
* 20
* 30
* 40
* 60
REGISTRY ACTIVITY
Add for printing
Total events
11 208
Read events
11 158
Write events
45
Delete events
5
MODIFICATION EVENTS
(PID)
Process:(3468) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\LauncherOperation:delete
valueName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
09611C1E1E000000
(PID)
Process:(3468) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\LauncherOperation:delete
valueName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
AD681C1E1E000000
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\LauncherOperation:writeName:C:\Program
Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
1
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperimentOperation:writeName:C:\Program
Files\Mozilla Firefox\firefox.exe
Value:
0
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default
Browser AgentOperation:writeName:C:\Program Files\Mozilla
Firefox|DisableTelemetry
Value:
1
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default
Browser AgentOperation:writeName:C:\Program Files\Mozilla
Firefox|DisableDefaultBrowserAgent
Value:
0
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
SettingsOperation:writeName:ProxyEnable
Value:
0
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ConnectionsOperation:writeName:SavedLegacySettings
Value:
4600000040010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3836) firefox.exeKey:HKEY_CLASSES_ROOT\Local
Settings\MuiCache\178\52C64B7EOperation:writeName:LanguageList
Value:
en-US
(PID)
Process:(3268) wmpnscfg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Media Player
NSS\3.0\Events\{2F4BA1A2-05D0-46FF-9ABE-D20F0F52175B}\{4C7C25D3-8317-4B27-A3DF-98D4B76C1BF5}Operation:delete
keyName:(default)
Value:
* Previous
* 1
* 2
* 3
* Next
*
10
* 10
* 20
* 30
* 40
* 60
FILES ACTIVITY
Add for printing
Executable files
5
Suspicious files
184
Text files
82
Unknown types
0
DROPPED FILES
PID
Process
Filename
Type
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-wal
—
MD5:—
SHA256:—
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.initext
MD5:5A14BC3397EA072906B63D69FC704FEA
SHA256:03F45724EA1FE89E753AA76B40DE9078BFC9160AA1065ED9D4D98DA04B7FB3E7
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journalbinary
MD5:7C0F7ED486449510BD3FB8C0D7D5ADAF
SHA256:94DC9DF298B5637F0E7719DC86BB3E8E77C49CF5444519760D4A18930AB405F6
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.tmptext
MD5:EB39F89D2A6CAF93BF8D86EF1DDA0ADA
SHA256:13F164FC2728092277A92F98A3D7715C39A5A65A092EE9683434F9EC5D2916C6
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.jstext
MD5:31780728EF802E178BEEA21AEDAA1902
SHA256:F4B4361A7B3ADEADCDEF4EF26251D382EC4628C965810F4A4F992D39F987B61B
3836firefox.exeC:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\profile_count_308046B0AF4A39CB.jsonbinary
MD5:58728D2E9D553BB2369BDB4A618ACAE5
SHA256:7EBC652A4B5B43608F61AC1057C51EC2EC1C8E33BBEB130794E15AF72BEB42E8
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\ls-archive-tmp.sqlitebinary
MD5:446FBAA8B14B3C86BFCEF8BE65EE7D80
SHA256:47DBD4AF1EF0E76FD0FC756D4F3A397C251F63CB1B71B1B4405FCA69C1DED6E0
3836firefox.exeC:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.jsonbinary
MD5:E812E56D0B6EDF84B4A0B959F53E239F
SHA256:D55B72651CD0C5B834EAA29BA778BE7EDC357C16163A77AE778DCD61E85C3582
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.jsontext
MD5:EB39F89D2A6CAF93BF8D86EF1DDA0ADA
SHA256:13F164FC2728092277A92F98A3D7715C39A5A65A092EE9683434F9EC5D2916C6
Download PCAP, analyze network streams, HTTP content and a lot more at the full
report
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* …
* 16
* Next
*
10
* 10
* 20
* 30
* 40
* 60
NETWORK ACTIVITY
Add for printing
HTTP(S) requests
15
TCP/UDP connections
80
DNS requests
143
Threats
0
HTTP REQUESTS
PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
whitelisted
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3836
firefox.exe
POST
200
23.53.40.154:80
http://r3.o.lencr.org/
NL
binary
503 b
shared
3836
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
US
binary
471 b
whitelisted
3836
firefox.exe
POST
—
23.53.40.154:80
http://r3.o.lencr.org/
NL
—
—
shared
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
whitelisted
3836
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
US
binary
471 b
whitelisted
3836
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
US
binary
471 b
whitelisted
3836
firefox.exe
POST
200
23.53.40.154:80
http://r3.o.lencr.org/
NL
binary
503 b
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full
report
* Previous
* 1
* 2
* Next
*
10
* 10
* 20
* 30
* 40
* 60
CONNECTIONS
PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
—
—
—
whitelisted
4
System
192.168.100.255:137
—
—
—
whitelisted
2640
svchost.exe
239.255.255.250:1900
—
—
—
whitelisted
1068
svchost.exe
224.0.0.252:5355
—
—
—
unknown
3836
firefox.exe
188.114.97.3:443
downloadonelaunchnow.com
—
—
malicious
3836
firefox.exe
23.53.40.154:80
r3.o.lencr.org
Akamai International B.V.
DE
unknown
3836
firefox.exe
13.224.192.222:80
ocsp.r2m02.amazontrust.com
AMAZON-02
US
unknown
3836
firefox.exe
34.149.100.209:443
firefox.settings.services.mozilla.com
GOOGLE
US
suspicious
3836
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3836
firefox.exe
104.17.25.14:443
cdnjs.cloudflare.com
CLOUDFLARENET
—
suspicious
* Previous
* 1
* 2
* 3
* 4
* Next
*
10
* 10
* 20
* 30
* 40
* 60
DNS REQUESTS
Domain
IP
Reputation
downloadonelaunchnow.com
* 188.114.97.3
* 188.114.96.3
* 2a06:98c1:3120::3
* 2a06:98c1:3121::3
malicious
detectportal.firefox.com
* 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
* 34.107.221.82
* 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
* 34.117.237.239
whitelisted
spocs.getpocket.com
* 54.88.103.11
* 3.229.85.40
* 52.55.246.60
* 3.229.237.11
shared
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com
* 3.229.237.11
* 52.55.246.60
* 3.229.85.40
* 54.88.103.11
shared
normandy.cdn.mozilla.net
* 35.201.103.21
whitelisted
normandy-cdn.services.mozilla.com
* 35.201.103.21
whitelisted
r3.o.lencr.org
* 23.53.40.154
* 23.53.40.161
* 2.16.202.121
* 95.101.54.131
shared
a1887.dscq.akamai.net
* 23.53.40.161
* 23.53.40.154
* 2a02:26f0:3500:e::1732:835c
* 2a02:26f0:3500:e::1732:8353
* 95.101.54.131
* 2.16.202.121
* 2a02:26f0:480:e::210:f10f
* 2a02:26f0:480:e::210:f108
whitelisted
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* Next
*
10
* 10
* 20
* 30
* 40
* 60
THREATS
No threats detected
DEBUG OUTPUT STRINGS
Add for printing
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2023 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://downloadonelaunchnow.com
General
Behavior
MalConf
Static information
Video
Screenshots
System events
* Process
* Registry activity
* Files activity
* Debug
Network
GENERAL INFO
Add for printing
URL:
HTTPS://DOWNLOADONELAUNCHNOW.COM
Full analysis: https://app.any.run/tasks/f0628bd4-0cda-41ff-8a57-a68796ae8ed9
Verdict: Malicious activity Analysis date: July 14, 2023, 18:44:26 OS: Windows 7
Professional Service Pack 1 (build: 7601, 32 bit) Indicators:
MD5:
07A41AB112E5564A8086577B88459AD4
SHA1:
35EE87176B33B3D34D04BEDF3E8C1A3AA4633087
SHA256:
BF804DA93CF53CC55783CB3AEDD3ED489E919273E678FD059BBE5295278A7DA3
SSDEEP:
3:N8SEK0LLAFGT:2SYAS
ANY.RUN is an interactive service which provides full access to the guest
system. Information in this report could be distorted by user actions and is
provided for user acknowledgement as it is. ANY.RUN does not guarantee
maliciousness or safety of the content.
SOFTWARE ENVIRONMENT SET AND ANALYSIS OPTIONS
LAUNCH CONFIGURATION
Task duration: 300 secondsHeavy Evasion option: offNetwork geolocation:
offAdditional time used: 240 secondsMITM proxy: offPrivacy: Public
submissionFakenet option: offRoute via Tor: offAutoconfirmation of UAC:
onNetwork: on
SOFTWARE PRESET
* Internet Explorer 11.0.9600.19596 KB4534251
* Adobe Acrobat Reader DC (20.013.20064)
* Adobe Acrobat Reader DC (20.013.20064)
* Adobe Flash Player 32 ActiveX (32.0.0.453)
* Adobe Flash Player 32 ActiveX (32.0.0.453)
* Adobe Flash Player 32 NPAPI (32.0.0.453)
* Adobe Flash Player 32 NPAPI (32.0.0.453)
* Adobe Flash Player 32 PPAPI (32.0.0.453)
* Adobe Flash Player 32 PPAPI (32.0.0.453)
* Adobe Refresh Manager (1.8.0)
* Adobe Refresh Manager (1.8.0)
* CCleaner (5.74)
* CCleaner (5.74)
* FileZilla Client 3.51.0 (3.51.0)
* FileZilla Client 3.51.0 (3.51.0)
* Google Chrome (86.0.4240.198)
* Google Chrome (86.0.4240.198)
* Google Update Helper (1.3.36.31)
* Google Update Helper (1.3.36.31)
* Java 8 Update 271 (8.0.2710.9)
* Java 8 Update 271 (8.0.2710.9)
* Java Auto Updater (2.8.271.9)
* Java Auto Updater (2.8.271.9)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft .NET Framework 4.5.2 (4.5.51209)
* Microsoft Edge (109.0.1518.115)
* Microsoft Edge (109.0.1518.115)
* Microsoft Edge Update (1.3.175.29)
* Microsoft Edge Update (1.3.175.29)
* Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
* Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil)
(14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil)
(14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
* Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
* Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
* Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Professional 2010 (14.0.6029.1000)
* Microsoft Office Professional 2010 (14.0.6029.1000)
* Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
* Microsoft Office Proof (English) 2010 (14.0.6029.1000)
* Microsoft Office Proof (English) 2010 (14.0.6029.1000)
* Microsoft Office Proof (French) 2010 (14.0.6029.1000)
* Microsoft Office Proof (French) 2010 (14.0.6029.1000)
* Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
* Microsoft Office Proof (German) 2010 (14.0.4763.1000)
* Microsoft Office Proof (German) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
* Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
* Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
* Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
* Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
* Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010
(14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010
(14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Single Image 2010 (14.0.6029.1000)
* Microsoft Office Single Image 2010 (14.0.6029.1000)
* Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
* Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
* Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
* Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(9.0.30729.6161)
* Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(9.0.30729.6161)
* Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
* Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
* Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
* Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
* Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
* Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
(14.36.32532.0)
* Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
(14.36.32532.0)
* Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
* Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
* Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
* Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
* Mozilla Firefox (x86 en-US) (115.0.2)
* Mozilla Firefox (x86 en-US) (115.0.2)
* Mozilla Maintenance Service (115.0.2)
* Mozilla Maintenance Service (115.0.2)
* Notepad++ (32-bit x86) (7.9.1)
* Notepad++ (32-bit x86) (7.9.1)
* Opera 12.15 (12.15.1748)
* Opera 12.15 (12.15.1748)
* PowerShell 7-x86 (7.2.11.0)
* PowerShell 7-x86 (7.2.11.0)
* Skype version 8.29 (8.29)
* Skype version 8.29 (8.29)
* VLC media player (3.0.11)
* VLC media player (3.0.11)
* WinRAR 5.91 (32-bit) (5.91.0)
* WinRAR 5.91 (32-bit) (5.91.0)
HOTFIXES
BEHAVIOR ACTIVITIES
Add for printing
* MALICIOUS
No malicious indicators.
* SUSPICIOUS
No suspicious indicators.
* INFO
* READS THE COMPUTER NAME
* wmpnscfg.exe (PID: 3268)
* CHECKS SUPPORTED LANGUAGES
* wmpnscfg.exe (PID: 3268)
* APPLICATION LAUNCHED ITSELF
* firefox.exe (PID: 3468)
* firefox.exe (PID: 3836)
* MANUAL EXECUTION BY A USER
* wmpnscfg.exe (PID: 3268)
* THE PROCESS CHECKS LSA PROTECTION
* slui.exe (PID: 916)
* wmpnscfg.exe (PID: 3268)
* READS THE MACHINE GUID FROM THE REGISTRY
* wmpnscfg.exe (PID: 3268)
* EXECUTABLE CONTENT WAS DROPPED OR OVERWRITTEN
* firefox.exe (PID: 3836)
Find more information about signature artifacts and mapping to MITRE ATT&CK™
MATRIX at the full report
MALWARE CONFIGURATION
Add for printing
No Malware configuration.
STATIC INFORMATION
Add for printing
No data.
VIDEO AND SCREENSHOTS
Add for printing
All screenshots are available in the full report
All screenshots are available in the full report
PROCESSES
Add for printing
Total processes
48
Monitored processes
13
Malicious processes
0
Suspicious processes
0
BEHAVIOR GRAPH
Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs
firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no
specs firefox.exe no specs firefox.exe no specs firefox.exe no specs
wmpnscfg.exe no specs slui.exe no specs
- +
SPECS DESCRIPTION
* Program did not start
* Low-level access to the HDD
* Process was added to the startup
* Debug information is available
* Probably Tor was used
* Behavior similar to spam
* Task has injected processes
* Executable file was dropped
* Known threat
* RAM overrun
* Network attacks were detected
* Integrity level elevation
* Connects to the network
* CPU overrun
* Process starts the services
* System was rebooted
* Task contains several apps running
* Application downloaded the executable file
* Actions similar to stealing personal data
* Task has apps ended with an error
* File is detected by antivirus software
* Inspected object has suspicious PE structure
* Behavior similar to exploiting the vulnerability
* Task contains an error or was rebooted
* The process has the malware config
PROCESS INFORMATION
PID
CMD
Path
Indicators
Parent process
3468"C:\Program Files\Mozilla Firefox\firefox.exe"
"https://downloadonelaunchnow.com"C:\Program Files\Mozilla
Firefox\firefox.exe—explorer.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
115.0.2
MODULES
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* Next
*
3836"C:\Program Files\Mozilla Firefox\firefox.exe"
https://downloadonelaunchnow.comC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* …
* 15
* Next
*
280"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.0.2048005219\1133799334" -parentBuildID 20230710165010
-prefsHandle 1092 -prefMapHandle 1084 -prefsLen 25853 -prefMapSize 243323
-appDir "C:\Program Files\Mozilla Firefox\browser" -
{9b06da53-ae04-4f00-bf42-5b3be9b971c7} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 1176 d47b500 gpuC:\Program Files\Mozilla
Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
2044"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.1.1233655429\464071188" -parentBuildID 20230710165010
-prefsHandle 1408 -prefMapHandle 1404 -prefsLen 25929 -prefMapSize 243323
-appDir "C:\Program Files\Mozilla Firefox\browser" -
{78aeebb7-6000-419a-80a1-520c6999b295} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 1420 cbbb2c0 socketC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* Next
*
1356"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.2.1422227169\1796908071" -childID 1 -isForBrowser -prefsHandle
2144 -prefMapHandle 1988 -prefsLen 24503 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {cee634e9-13d7-4d8f-803b-3544b995ff46} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 2156 cbf5c90 tabC:\Program Files\Mozilla
Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
3796"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.3.1171630511\339021618" -childID 2 -isForBrowser -prefsHandle
1744 -prefMapHandle 1948 -prefsLen 27510 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {13c09432-53c1-4331-8d93-076434400a80} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 2340 156673f0 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
2728"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.4.620507296\1378216651" -childID 3 -isForBrowser -prefsHandle
2548 -prefMapHandle 2552 -prefsLen 24645 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {fdcf7522-cb71-40f4-bbf0-8bbd75c2def5} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 2536 15667560 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
3816"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.5.2034636916\848232450" -parentBuildID 20230710165010
-prefsHandle 3116 -prefMapHandle 3112 -prefsLen 27916 -prefMapSize 243323
-appDir "C:\Program Files\Mozilla Firefox\browser" -
{b92242c3-83a7-4d24-a1c4-c689d8967deb} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 3128 1f167120 rddC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* 9
* Next
*
2836"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.6.1637748223\212242350" -childID 4 -isForBrowser -prefsHandle
3860 -prefMapHandle 3852 -prefsLen 29711 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {db7656fb-f6aa-423c-b5b9-32d2101e8410} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 3884 1f6f53f0 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
3428"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc
--channel="3836.7.814563364\1482745490" -childID 5 -isForBrowser -prefsHandle
3532 -prefMapHandle 3856 -prefsLen 29711 -prefMapSize 243323 -jsInitHandle 920
-jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program
Files\Mozilla Firefox\browser" - {368b7197-991e-4f64-828d-e024dc3410b5} 3836
"\\.\pipe\gecko-crash-server-pipe.3836" 3988 21f4eb20 tabC:\Program
Files\Mozilla Firefox\firefox.exe—firefox.exe
INFORMATION
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
MODULES
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* 8
* Next
*
* Previous
* 1
* 2
* Next
*
10
* 10
* 20
* 30
* 40
* 60
REGISTRY ACTIVITY
Add for printing
Total events
11 208
Read events
11 158
Write events
45
Delete events
5
MODIFICATION EVENTS
(PID)
Process:(3468) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\LauncherOperation:delete
valueName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
09611C1E1E000000
(PID)
Process:(3468) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\LauncherOperation:delete
valueName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
AD681C1E1E000000
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\LauncherOperation:writeName:C:\Program
Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
1
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperimentOperation:writeName:C:\Program
Files\Mozilla Firefox\firefox.exe
Value:
0
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default
Browser AgentOperation:writeName:C:\Program Files\Mozilla
Firefox|DisableTelemetry
Value:
1
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default
Browser AgentOperation:writeName:C:\Program Files\Mozilla
Firefox|DisableDefaultBrowserAgent
Value:
0
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
SettingsOperation:writeName:ProxyEnable
Value:
0
(PID)
Process:(3836) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ConnectionsOperation:writeName:SavedLegacySettings
Value:
4600000040010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3836) firefox.exeKey:HKEY_CLASSES_ROOT\Local
Settings\MuiCache\178\52C64B7EOperation:writeName:LanguageList
Value:
en-US
(PID)
Process:(3268) wmpnscfg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Media Player
NSS\3.0\Events\{2F4BA1A2-05D0-46FF-9ABE-D20F0F52175B}\{4C7C25D3-8317-4B27-A3DF-98D4B76C1BF5}Operation:delete
keyName:(default)
Value:
* Previous
* 1
* 2
* 3
* Next
*
10
* 10
* 20
* 30
* 40
* 60
FILES ACTIVITY
Add for printing
Executable files
5
Suspicious files
184
Text files
82
Unknown types
0
DROPPED FILES
PID
Process
Filename
Type
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-wal
—
MD5:—
SHA256:—
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.initext
MD5:5A14BC3397EA072906B63D69FC704FEA
SHA256:03F45724EA1FE89E753AA76B40DE9078BFC9160AA1065ED9D4D98DA04B7FB3E7
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite-journalbinary
MD5:7C0F7ED486449510BD3FB8C0D7D5ADAF
SHA256:94DC9DF298B5637F0E7719DC86BB3E8E77C49CF5444519760D4A18930AB405F6
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.tmptext
MD5:EB39F89D2A6CAF93BF8D86EF1DDA0ADA
SHA256:13F164FC2728092277A92F98A3D7715C39A5A65A092EE9683434F9EC5D2916C6
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.jstext
MD5:31780728EF802E178BEEA21AEDAA1902
SHA256:F4B4361A7B3ADEADCDEF4EF26251D382EC4628C965810F4A4F992D39F987B61B
3836firefox.exeC:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\profile_count_308046B0AF4A39CB.jsonbinary
MD5:58728D2E9D553BB2369BDB4A618ACAE5
SHA256:7EBC652A4B5B43608F61AC1057C51EC2EC1C8E33BBEB130794E15AF72BEB42E8
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\ls-archive-tmp.sqlitebinary
MD5:446FBAA8B14B3C86BFCEF8BE65EE7D80
SHA256:47DBD4AF1EF0E76FD0FC756D4F3A397C251F63CB1B71B1B4405FCA69C1DED6E0
3836firefox.exeC:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.jsonbinary
MD5:E812E56D0B6EDF84B4A0B959F53E239F
SHA256:D55B72651CD0C5B834EAA29BA778BE7EDC357C16163A77AE778DCD61E85C3582
3836firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.jsontext
MD5:EB39F89D2A6CAF93BF8D86EF1DDA0ADA
SHA256:13F164FC2728092277A92F98A3D7715C39A5A65A092EE9683434F9EC5D2916C6
Download PCAP, analyze network streams, HTTP content and a lot more at the full
report
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* …
* 16
* Next
*
10
* 10
* 20
* 30
* 40
* 60
NETWORK ACTIVITY
Add for printing
HTTP(S) requests
15
TCP/UDP connections
80
DNS requests
143
Threats
0
HTTP REQUESTS
PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
whitelisted
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3836
firefox.exe
POST
200
23.53.40.154:80
http://r3.o.lencr.org/
NL
binary
503 b
shared
3836
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
US
binary
471 b
whitelisted
3836
firefox.exe
POST
—
23.53.40.154:80
http://r3.o.lencr.org/
NL
—
—
shared
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3836
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
whitelisted
3836
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
US
binary
471 b
whitelisted
3836
firefox.exe
POST
200
192.229.221.95:80
http://ocsp.digicert.com/
US
binary
471 b
whitelisted
3836
firefox.exe
POST
200
23.53.40.154:80
http://r3.o.lencr.org/
NL
binary
503 b
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full
report
* Previous
* 1
* 2
* Next
*
10
* 10
* 20
* 30
* 40
* 60
CONNECTIONS
PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
—
—
—
whitelisted
4
System
192.168.100.255:137
—
—
—
whitelisted
2640
svchost.exe
239.255.255.250:1900
—
—
—
whitelisted
1068
svchost.exe
224.0.0.252:5355
—
—
—
unknown
3836
firefox.exe
188.114.97.3:443
downloadonelaunchnow.com
—
—
malicious
3836
firefox.exe
23.53.40.154:80
r3.o.lencr.org
Akamai International B.V.
DE
unknown
3836
firefox.exe
13.224.192.222:80
ocsp.r2m02.amazontrust.com
AMAZON-02
US
unknown
3836
firefox.exe
34.149.100.209:443
firefox.settings.services.mozilla.com
GOOGLE
US
suspicious
3836
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3836
firefox.exe
104.17.25.14:443
cdnjs.cloudflare.com
CLOUDFLARENET
—
suspicious
* Previous
* 1
* 2
* 3
* 4
* Next
*
10
* 10
* 20
* 30
* 40
* 60
DNS REQUESTS
Domain
IP
Reputation
downloadonelaunchnow.com
* 188.114.97.3
* 188.114.96.3
* 2a06:98c1:3120::3
* 2a06:98c1:3121::3
malicious
detectportal.firefox.com
* 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
* 34.107.221.82
* 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
* 34.117.237.239
whitelisted
spocs.getpocket.com
* 54.88.103.11
* 3.229.85.40
* 52.55.246.60
* 3.229.237.11
shared
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com
* 3.229.237.11
* 52.55.246.60
* 3.229.85.40
* 54.88.103.11
shared
normandy.cdn.mozilla.net
* 35.201.103.21
whitelisted
normandy-cdn.services.mozilla.com
* 35.201.103.21
whitelisted
r3.o.lencr.org
* 23.53.40.154
* 23.53.40.161
* 2.16.202.121
* 95.101.54.131
shared
a1887.dscq.akamai.net
* 23.53.40.161
* 23.53.40.154
* 2a02:26f0:3500:e::1732:835c
* 2a02:26f0:3500:e::1732:8353
* 95.101.54.131
* 2.16.202.121
* 2a02:26f0:480:e::210:f10f
* 2a02:26f0:480:e::210:f108
whitelisted
* Previous
* 1
* 2
* 3
* 4
* 5
* 6
* Next
*
10
* 10
* 20
* 30
* 40
* 60
THREATS
No threats detected
DEBUG OUTPUT STRINGS
Add for printing
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2023 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://downloadonelaunchnow.com
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*