URL:

https://google.com

Full analysis: https://app.any.run/tasks/ae4582e1-d38a-49d7-9a90-a28a5db87649
Verdict: Malicious activity
Analysis date: April 23, 2019, 12:02:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

99999EBCFDB78DF077AD2727FD00969F

SHA1:

72FE95C5576EC634E214814A32AB785568EDA76A

SHA256:

05046F26C83E8C88B3DDAB2EAB63D0D16224AC1E564535FC75CDCEEE47A0938D

SSDEEP:

3:N8r3uK:2LuK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 2356)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 2356)
    • Reads CPU info

      • firefox.exe (PID: 2356)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • firefox.exe (PID: 3612)
    • Reads settings of System Certificates

      • firefox.exe (PID: 2356)
    • Dropped object may contain Bitcoin addresses

      • firefox.exe (PID: 2356)
    • Creates files in the user directory

      • firefox.exe (PID: 2356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 6
Malicious processes: 0
Suspicious processes: 0

Behavior graph

[Graph not reproduced in this extract. Nodes shown: start, firefox.exe, firefox.exe (no specs), firefox.exe, firefox.exe, firefox.exe, firefox.exe. See the process information below for the parent/child relationships.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2356
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://google.com
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 2660
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.13.1420238395\1266817456" -childID 2 -isForBrowser -prefsHandle 2500 -prefMapHandle 2504 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 2516 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 2844
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.20.906670639\674409800" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3432 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 3444 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3388
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.27.1673895833\1917930058" -childID 4 -isForBrowser -prefsHandle 1704 -prefMapHandle 7648 -prefsLen 6889 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 7636 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3612
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.6.59818464\1972180101" -childID 1 -isForBrowser -prefsHandle 1536 -prefMapHandle 1572 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 1504 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3936
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2356.0.1602548640\1997554014" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 2356 "\\.\pipe\gecko-crash-server-pipe.2356" 1088 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
Total events: 1 194
Read events: 1 182
Write events: 12
Delete events: 0

Modification events

(PID) Process: (2356) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2356) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

(PID) Process: (2356) firefox.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 1
Suspicious files: 217
Text files: 60
Unknown types: 99

Dropped files

PID
Process
Filename
Type
PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash13105
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
Type: binary
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin
Type: binary
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AB71A0F9239E92AC1E2F2BF2BB2A5E82EA3A457B
Type: der
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DC1D9C13F2003899E9E72113E6ECBD39F2821D4E
Type: der
MD5:
SHA256:

PID: 2356
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
Type: text
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 26
TCP/UDP connections: 67
DNS requests: 172
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2356 | firefox.exe | POST | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 2.16.106.50:80 | http://ocsp.comodoca.com/ | unknown | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 5.45.205.242:80 | http://yandex.ocsp-responder.com/ | RU | der | 1.52 Kb | whitelisted
2356 | firefox.exe | POST | 200 | 2.16.106.50:80 | http://ocsp.comodoca.com/ | unknown | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 2.16.106.50:80 | http://ocsp.comodoca.com/ | unknown | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 5.45.205.242:80 | http://yandex.ocsp-responder.com/ | RU | der | 1.52 Kb | whitelisted
2356 | firefox.exe | POST | 200 | 5.45.205.242:80 | http://yandex.ocsp-responder.com/ | RU | der | 1.52 Kb | whitelisted
2356 | firefox.exe | POST | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted
2356 | firefox.exe | POST | 200 | 172.217.23.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2356 | firefox.exe | 2.16.106.152:80 | detectportal.firefox.com | Akamai International B.V. | | whitelisted
2356 | firefox.exe | 172.217.22.78:443 | google.com | Google Inc. | US | whitelisted
| | 172.217.22.78:443 | google.com | Google Inc. | US | whitelisted
2356 | firefox.exe | 172.217.23.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
2356 | firefox.exe | 172.217.18.100:443 | www.google.com | Google Inc. | US | whitelisted
2356 | firefox.exe | 52.35.250.5:443 | tiles.services.mozilla.com | Amazon.com, Inc. | US | unknown
2356 | firefox.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2356 | firefox.exe | 216.58.205.238:443 | consent.google.com | Google Inc. | US | whitelisted
2356 | firefox.exe | 172.217.22.14:443 | apis.google.com | Google Inc. | US | whitelisted
2356 | firefox.exe | 216.58.206.3:443 | ssl.gstatic.com | Google Inc. | US | whitelisted

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 2.16.106.152
  • 2.16.106.209
whitelisted
google.com
  • 172.217.22.78
malicious
a1089.dscd.akamai.net
  • 2.16.106.209
  • 2.16.106.152
whitelisted
ocsp.pki.goog
  • 172.217.23.163
whitelisted
search.services.mozilla.com
  • 52.10.42.204
  • 52.27.229.90
  • 54.200.51.65
whitelisted
search.r53-2.services.mozilla.com
  • 54.200.51.65
  • 52.27.229.90
  • 52.10.42.204
whitelisted
pki-goog.l.google.com
  • 172.217.23.163
whitelisted
tiles.services.mozilla.com
  • 52.35.250.5
  • 35.164.130.113
  • 52.42.232.148
  • 52.43.40.243
  • 52.34.132.219
  • 35.165.22.140
  • 52.26.103.165
  • 52.10.122.55
  • 34.208.143.106
  • 35.162.29.26
  • 34.214.69.153
whitelisted
tiles.r53-2.services.mozilla.com
  • 52.10.122.55
  • 52.26.103.165
  • 35.165.22.140
  • 52.34.132.219
  • 52.43.40.243
  • 52.42.232.148
  • 35.164.130.113
  • 52.35.250.5
  • 34.214.69.153
  • 35.162.29.26
  • 34.208.143.106
whitelisted
snippets.cdn.mozilla.net
  • 143.204.205.62
whitelisted

Threats

No threats detected
No debug info