URL:

https://urlgoal.com/2y4zpf

Full analysis: https://app.any.run/tasks/aefdecda-c6ae-4687-8c04-058104339cb6
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: July 15, 2024, 16:10:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
downloadassistant
Indicators:
MD5:

40E69621E3E42D918164887E5AEBA34C

SHA1:

16E7D74347576F4F8063753380C106C9B2822766

SHA256:

068EE199578DF5C1703C65CF6DA32EC154F07CFF1CB016B1FBBA45C07B6BFD6F

SSDEEP:

3:N8UJOdap:2UJOdap

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • whois-database-downl_d63mAyKRuj.exe (PID: 5076)
      • whois-database-downl_d63mAyKRuj.exe (PID: 5208)
      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • DOWNLOADASSISTANT has been detected (SURICATA)

      • studiotwo32.exe (PID: 5240)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • whois-database-downl_d63mAyKRuj.exe (PID: 5076)
      • whois-database-downl_d63mAyKRuj.exe (PID: 5208)
      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • Reads the Windows owner or organization settings

      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • Process drops legitimate windows executable

      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 5232)

    • Access to an unwanted program domain was detected

      • studiotwo32.exe (PID: 5240)

      • studiotwo32.exe (PID: 5240)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 3392)
      • firefox.exe (PID: 3344)
      • msedge.exe (PID: 3368)

    • The process uses the downloaded file

      • msedge.exe (PID: 4712)
      • WinRAR.exe (PID: 4908)

    • Manual execution by a user

      • msedge.exe (PID: 3368)
      • WinRAR.exe (PID: 4908)
      • whois-database-downl_d63mAyKRuj.exe (PID: 5076)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4908)
      • firefox.exe (PID: 3392)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 4908)
      • firefox.exe (PID: 3392)

    • Create files in a temporary directory

      • whois-database-downl_d63mAyKRuj.exe (PID: 5076)
      • whois-database-downl_d63mAyKRuj.exe (PID: 5208)
      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • Checks supported languages

      • whois-database-downl_d63mAyKRuj.exe (PID: 5076)
      • whois-database-downl_d63mAyKRuj.tmp (PID: 5084)
      • whois-database-downl_d63mAyKRuj.exe (PID: 5208)
      • studiotwo32.exe (PID: 5240)
      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • Reads the computer name

      • whois-database-downl_d63mAyKRuj.tmp (PID: 5084)
      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)
      • studiotwo32.exe (PID: 5240)

    • Creates a software uninstall entry

      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • Creates files or folders in the user directory

      • whois-database-downl_d63mAyKRuj.tmp (PID: 5216)

    • Reads the machine GUID from the registry

      • studiotwo32.exe (PID: 5240)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
83
Monitored processes
40
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe whois-database-downl_d63maykruj.exe whois-database-downl_d63maykruj.tmp no specs whois-database-downl_d63maykruj.exe whois-database-downl_d63maykruj.tmp schtasks.exe no specs #DOWNLOADASSISTANT studiotwo32.exe msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
348"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.7.1139792401\57092596" -childID 6 -isForBrowser -prefsHandle 3892 -prefMapHandle 3884 -prefsLen 29320 -prefMapSize 244195 -jsInitHandle 884 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d27f03c-71e6-4258-bdb7-1f067b0f5277} 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 4216 19bf86d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
448"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1376,i,13369606693052865793,17352940792051118401,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
748"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.6.1605902321\876061771" -childID 5 -isForBrowser -prefsHandle 3692 -prefMapHandle 3892 -prefsLen 32679 -prefMapSize 244195 -jsInitHandle 884 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c61a887b-1963-4b75-8792-f9eec86f0686} 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 3908 18daf3f0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1652"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6919f598,0x6919f5a8,0x6919f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1756"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.5.591311507\1405291654" -childID 4 -isForBrowser -prefsHandle 1996 -prefMapHandle 2200 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 884 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3422f51b-ffe5-4bb9-b274-45097b1fb709} 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 3884 18daf280 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2544"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.3.79083752\982015027" -childID 2 -isForBrowser -prefsHandle 2832 -prefMapHandle 2824 -prefsLen 34225 -prefMapSize 244195 -jsInitHandle 884 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc1fd88f-3038-4a7e-a686-e773265e24bd} 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 2852 164f5f70 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2588"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.4.1026454666\429889326" -childID 3 -isForBrowser -prefsHandle 3692 -prefMapHandle 3616 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 884 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {917431f6-9006-454b-816c-b5dfff79b8c0} 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 3656 183f8e00 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2700"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1376,i,13369606693052865793,17352940792051118401,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2956"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3392.1.1865092696\830189928" -parentBuildID 20230710165010 -prefsHandle 1416 -prefMapHandle 1412 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {959ae268-cbd8-43f3-b479-e69cbf3e4769} 3392 "\\.\pipe\gecko-crash-server-pipe.3392" 1432 ed1b070 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
3132"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1004 --field-trial-handle=1376,i,13369606693052865793,17352940792051118401,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
39 930
Read events
39 793
Write events
122
Delete events
15

Modification events

(PID) Process:(3344) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
96DA624400000000
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
85E0644400000000
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Installer\308046B0AF4A39CB
Operation:delete valueName:installer.taskbarpin.win10.enabled
Value:
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
0
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value:
1
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value:
1
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableTelemetry
Value:
1
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value:
0
(PID) Process:(3392) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|SetDefaultBrowserUserChoice
Value:
1
Executable files
53
Suspicious files
243
Text files
77
Unknown types
15

Dropped files

PID
Process
Filename
Type
3392firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3392firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.binbinary
MD5:04BADC0A17F546BBD91CC2404D2776D9
SHA256:54CD83D3031D15EA1F5B1C5D73416C0B2F9151F93E130DD525DDA488A8EB9110
3392firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3392firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.jstext
MD5:A4C0253717519EB0B07D5D8DD14F5D02
SHA256:115B88AA451EA9D5CD010C60DB4B97759E55ECE806CF6C4EBA737C6290C0D044
3392firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journalbinary
MD5:A9D7394DAD554287DBB5BDC647878784
SHA256:1C987BA35A69B9690FC3A13EB23B11A1C2C983DF0134C09353A91C0A110263D8
3392firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3392firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3392firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.jstext
MD5:A4C0253717519EB0B07D5D8DD14F5D02
SHA256:115B88AA451EA9D5CD010C60DB4B97759E55ECE806CF6C4EBA737C6290C0D044
3392firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3392firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\activity-stream.discovery_stream.json.tmpbinary
MD5:0C27D1CC03B8190BB770D6C2785E14D9
SHA256:0F70B8015FFA8A5BA5A7B04C29B658676D55AAE24CCBB9487809D5750E3C8EDB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
132
DNS requests
195
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3392
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
3392
firefox.exe
POST
200
184.24.77.75:80
http://r3.o.lencr.org/
unknown
unknown
3392
firefox.exe
POST
200
184.24.77.80:80
http://r10.o.lencr.org/
unknown
unknown
3392
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
3392
firefox.exe
POST
200
184.24.77.80:80
http://r10.o.lencr.org/
unknown
unknown
3392
firefox.exe
POST
200
184.24.77.80:80
http://r10.o.lencr.org/
unknown
unknown
1372
svchost.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
whitelisted
3392
firefox.exe
POST
200
142.250.181.227:80
http://o.pki.goog/wr2
unknown
unknown
3392
firefox.exe
POST
200
142.250.181.227:80
http://o.pki.goog/wr2
unknown
unknown
3392
firefox.exe
POST
200
184.24.77.75:80
http://r11.o.lencr.org/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1060
svchost.exe
224.0.0.252:5355
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
1372
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
3392
firefox.exe
172.67.142.17:443
urlgoal.com
unknown
3392
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3392
firefox.exe
34.117.188.166:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
unknown
3392
firefox.exe
34.149.100.209:443
firefox.settings.services.mozilla.com
GOOGLE
US
unknown
3392
firefox.exe
184.24.77.80:80
r10.o.lencr.org
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
  • 172.217.16.206
whitelisted
urlgoal.com
  • 172.67.142.17
  • 104.21.54.204
  • 2606:4700:3033::ac43:8e11
  • 2606:4700:3036::6815:36cc
malicious
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
whitelisted
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted
r10.o.lencr.org
  • 184.24.77.80
  • 184.24.77.57
  • 184.24.77.47
  • 184.24.77.56
  • 184.24.77.53
  • 184.24.77.54
  • 184.24.77.52
  • 184.24.77.79
  • 184.24.77.83
whitelisted
r3.o.lencr.org
  • 184.24.77.75
  • 184.24.77.81
  • 184.24.77.57
  • 184.24.77.77
  • 184.24.77.69
  • 184.24.77.73
  • 184.24.77.61
  • 184.24.77.74
  • 184.24.77.83
whitelisted

Threats

PID
Process
Class
Message
1060
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] hCaptcha Enterprise Challenge
1060
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
1060
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
3132
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
5240
studiotwo32.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] DownloadAssistant HTTP POST Request
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://urlgoal.com/2y4zpf