URL: https://www.atube.me/

Full analysis: https://app.any.run/tasks/4afd3c31-547b-453d-a1b9-7cdb105e4204
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 09, 2025, 22:45:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
netreactor
arch-exec
arch-scr
evasion
loader
Indicators:
MD5: A9310F30A2929A60D1D7C90843C6520B
SHA1: 9CAE8124EF436F45F628492AE1FB6E4CE57826B1
SHA256: 12E7C213EEED2819434DA6A7E7584ABC29F9EC1D6466A9A4A906F13F3B9896C8
SSDEEP: 3:N8DSLdv:2OL5
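The three cryptographic hashes above are the indicators a responder would match a suspect file against. The following is an added example, not code from the ANY.RUN report or from any vendor named in it: it reads an indicators block in the same "MD5: / SHA1: / SHA256:" layout the report uses, validates the hex lengths, hashes a file in chunks, and reports which algorithms match. The ssdeep value is not covered because fuzzy matching needs the separate ssdeep library; the REPORT_IOCS constant is copied from the report, everything else is this example's own.

```python
"""Check a local file against the MD5/SHA1/SHA256 indicators listed in a report."""
import hashlib
import re

# Hashes copied from the report's Indicators section.
REPORT_IOCS = {
    "md5": "A9310F30A2929A60D1D7C90843C6520B",
    "sha1": "9CAE8124EF436F45F628492AE1FB6E4CE57826B1",
    "sha256": "12E7C213EEED2819434DA6A7E7584ABC29F9EC1D6466A9A4A906F13F3B9896C8",
}

# Expected hex length per algorithm; used to reject truncated or mistyped indicators.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def parse_indicators(text: str) -> dict:
    """Parse an indicators block such as 'MD5:\\n\\n<hex>\\n\\nSHA1: ...' or 'MD5: <hex>'.
    Returns lowercase hex digests keyed by algorithm; a value of the wrong length
    raises ValueError instead of silently never matching."""
    iocs = {}
    for algo, hexlen in HEX_LEN.items():
        m = re.search(rf"^{algo}:\s*([0-9a-f]+)\s*$", text, re.I | re.M)
        if not m:
            continue
        value = m.group(1).lower()
        if len(value) != hexlen:
            raise ValueError(f"{algo} indicator has {len(value)} hex chars, expected {hexlen}")
        iocs[algo] = value
    return iocs


def hash_bytes(data: bytes) -> dict:
    """Return lowercase md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LEN}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so a large installer never has to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict) -> list:
    """Return the algorithms whose computed digest equals the indicator.
    Comparison is case-insensitive, so the report's uppercase hex matches as-is."""
    return [algo for algo, value in iocs.items()
            if digests.get(algo, "").lower() == value.lower()]


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        hits = match_iocs(hash_file(arg), REPORT_IOCS)
        print(f"{arg}: {'MATCH on ' + ', '.join(hits) if hits else 'no match'}")
```

Run it as `python ioc_check.py <file>`; a hit on any one algorithm is already conclusive for an exact-copy match, while a file that matches none is simply a different object, not proof of safety.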

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Antivirus name has been found in the command line (generic signature)

      • AVGUI.exe (PID: 668)
      • AVGUI.exe (PID: 8760)
      • AVGUI.exe (PID: 4736)
      • AVGUI.exe (PID: 7932)
      • AVGUI.exe (PID: 3080)
      • AVGUI.exe (PID: 5164)

      This is the only MALICIOUS-class signature in the report. It is a generic string match on the command line of AVG's own user interface ("C:\Program Files\AVG\Antivirus\AVGUI.exe" /silent_welcome, started from explorer.exe; see Process information below), not a detection of code belonging to the submitted site. The verdict therefore rests on that match together with the SUSPICIOUS and INFO signatures below, which record aTube_Catcher_v1.74.03.20.09.5.exe and the AVG Antivirus and McAfee WebAdvisor components installed during the session.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 6964)
      • saBSI.exe (PID: 7968)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 8028)
      • aTube_Catcher.tmp (PID: 8148)
      • icarus.exe (PID: 7324)
      • engsup.exe (PID: 5952)
      • AVGSvc.exe (PID: 7084)
      • aswOfferTool.exe (PID: 7848)
      • installer.exe (PID: 4188)
    • Reads security settings of Internet Explorer

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
      • saBSI.exe (PID: 2096)
      • installer.exe (PID: 4188)
    • Adds/modifies Windows certificates

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
    • The process verifies whether the antivirus software is installed

      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
    • Starts itself from another location

      • icarus.exe (PID: 6964)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 7428)
      • installer.exe (PID: 4188)
      • aTube_Catcher.tmp (PID: 8148)
      • engsup.exe (PID: 5952)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 7428)
      • installer.exe (PID: 4188)
    • There is functionality for taking screenshot (YARA)

      • avg_antivirus_free_setup.exe (PID: 5720)
    • Creates/Modifies COM task schedule object

      • installer.exe (PID: 4188)
    • Starts CMD.EXE for commands execution

      • updater.exe (PID: 540)
    • Drops a system driver (possible attempt to evade defenses)

      • icarus.exe (PID: 7428)
      • engsup.exe (PID: 5952)
    • Process drops python dynamic module

      • aTube_Catcher.tmp (PID: 8148)
    • The process drops C-runtime libraries

      • aTube_Catcher.tmp (PID: 8148)
      • engsup.exe (PID: 5952)
      • icarus.exe (PID: 7428)
    • Checks for external IP

      • AvEmUpdate.exe (PID: 6244)
      • AVGSvc.exe (PID: 7084)
      • avgToolsSvc.exe (PID: 6736)
    • Executes as Windows Service

      • wsc_proxy.exe (PID: 7372)
      • afwServ.exe (PID: 2960)
      • AVGSvc.exe (PID: 7084)
      • avgToolsSvc.exe (PID: 6736)
      • aswidsagent.exe (PID: 8316)
      • servicehost.exe (PID: 976)
    • Process requests binary or script from the Internet

      • AVGSvc.exe (PID: 7084)
    • Connects to unusual port

      • AVGSvc.exe (PID: 7084)
    • Application launched itself

      • AVGUI.exe (PID: 668)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 6044)
      • firefox.exe (PID: 4108)
    • Reads Environment values

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • icarus.exe (PID: 7428)
    • Reads the machine GUID from the registry

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7324)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 4188)
    • Reads the software policy settings

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 7968)
      • saBSI.exe (PID: 2096)
      • installer.exe (PID: 4188)
      • slui.exe (PID: 1228)
    • Checks proxy server information

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 2096)
    • Reads the computer name

      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7324)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 4188)
    • Disables trace logs

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
    • Checks supported languages

      • avg_antivirus_free_setup.exe (PID: 5720)
      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7428)
      • icarus.exe (PID: 7324)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
    • The sample compiled with English language support

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 7968)
      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
      • aTube_Catcher.tmp (PID: 8148)
      • icarus.exe (PID: 7324)
      • engsup.exe (PID: 5952)
      • AVGSvc.exe (PID: 7084)
      • aswOfferTool.exe (PID: 7848)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 6044)
    • Creates files in the program directory

      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 7968)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
    • Create files in a temporary directory

      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 2096)
      • installer.exe (PID: 4188)
    • .NET Reactor protector has been detected

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
    • Creates files or folders in the user directory

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
    • Reads CPU info

      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7324)
      • icarus.exe (PID: 7428)
    • The sample compiled with Czech language support

      • icarus.exe (PID: 7428)
    • Manual execution by a user

      • AVGUI.exe (PID: 668)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 206
Monitored processes: 70
Malicious processes: 12
Suspicious processes: 2

Behavior graph

Processes in start order ("no specs" is the report's marker for a process with no signatures attributed to it):

firefox.exe (no specs), firefox.exe, firefox.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), sppextcomobj.exe (no specs), slui.exe, firefox.exe (no specs), firefox.exe (no specs), atube_catcher_v1.74.03.20.09.5.exe (no specs), atube_catcher_v1.74.03.20.09.5.exe, avg_antivirus_free_setup.exe (no specs), sabsi.exe, avg_antivirus_free_online_setup.exe, sabsi.exe, icarus.exe, icarus.exe, icarus.exe, slui.exe, installer.exe, installer.exe, servicehost.exe, uihost.exe (no specs), updater.exe, cmd.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), atube_catcher.tmp (no specs), engsup.exe, setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), setupinf.exe (no specs), avemupdate.exe (no specs), avemupdate.exe, regsvr.exe (no specs), regsvr.exe (no specs), setupinf.exe (no specs), wsc_proxy.exe (no specs), wsc_proxy.exe (no specs), afwserv.exe (no specs), avgsvc.exe, avgtoolssvc.exe, aswengsrv.exe (no specs), aswidsagent.exe (no specs), overseer.exe, wpr.exe (no specs), conhost.exe (no specs), icarus.exe, unsecapp.exe (no specs), avgui.exe, icarus.exe, engsup.exe (no specs), aswoffertool.exe, icarus.exe, aswoffertool.exe (no specs), avgui.exe (no specs), avgui.exe (no specs), avgui.exe, avgui.exe (no specs), avgui.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 208
CMD: "C:\Program Files\Common Files\AVG\Icarus\avg-av\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
Path: C:\Program Files\Common Files\AVG\Icarus\avg-av\aswOfferTool.exe
Parent process: AVGSvc.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
AVG Offer Installation Tool
Exit code:
0
Version:
25.4.9091.0
Modules
Images
c:\program files\common files\avg\icarus\avg-av\aswoffertool.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\program files\avg\antivirus\x86\aswhook.dll
c:\windows\syswow64\advapi32.dll
PID: 540
CMD: "C:\Program Files\McAfee\WebAdvisor\updater.exe"
Path: C:\Program Files\McAfee\WebAdvisor\updater.exe
Parent process: servicehost.exe
User:
SYSTEM
Company:
McAfee, LLC
Integrity Level:
SYSTEM
Description:
McAfee WebAdvisor(updater)
Exit code:
0
Version:
4,1,1,1025
Modules
Images
c:\program files\mcafee\webadvisor\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 668
CMD: "C:\Program Files\AVG\Antivirus\AVGUI.exe" /silent_welcome
Path: C:\Program Files\AVG\Antivirus\AVGUI.exe
Parent process: explorer.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
AVG Antivirus
Version:
25.4.10068.0
Modules
Images
c:\program files\avg\antivirus\avgui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\avg\antivirus\aswhook.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
PID: 680
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -parentBuildID 20240213221259 -sandboxingKind 1 -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 38191 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {493929bb-8165-4ac5-a7fb-0afccd221051} 6044 "\\.\pipe\gecko-crash-server-pipe.6044" 2826927b310 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 976
CMD: "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
Path: C:\Program Files\McAfee\WebAdvisor\servicehost.exe
Parent process: services.exe
User:
SYSTEM
Company:
McAfee, LLC
Integrity Level:
SYSTEM
Description:
McAfee WebAdvisor(service)
Version:
4,1,1,1025
Modules
Images
c:\program files\mcafee\webadvisor\servicehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1096
CMD: "C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRdr2.cat
Path: C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
25.4.10068.0
Modules
Images
c:\program files\avg\antivirus\setupinf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1228
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1228
CMD: "C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\aswAMSI.dll"
Path: C:\Program Files\AVG\Antivirus\RegSvr.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
25.4.10068.0
Modules
Images
c:\program files\avg\antivirus\regsvr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 1324
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5020 -parentBuildID 20240213221259 -prefsHandle 5152 -prefMapHandle 5188 -prefsLen 38191 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19cdeebe-14fb-4c41-960e-55811cf9f8f4} 6044 "\\.\pipe\gecko-crash-server-pipe.6044" 2825fc92e10 rdd
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
PID: 1388
CMD: "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
Path: C:\Program Files\McAfee\WebAdvisor\uihost.exe
Parent process: servicehost.exe
User:
admin
Company:
McAfee, LLC
Integrity Level:
MEDIUM
Description:
McAfee WebAdvisor(user level process)
Version:
4,1,1,1025
Modules
Images
c:\program files\mcafee\webadvisor\uihost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 100,186
Read events: 98,620
Write events: 1,440
Delete events: 126

Modification events

(PID) Process: (6044) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (6044) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0
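The writes by PID 2108 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ are what the "Disables trace logs" signature in the signature list keys on. The following is an added example, not code from ANY.RUN or from any vendor in the report: it parses events written in the layout of this table and flags a write only when it zeroes one of the Enable*Tracing switches under that key. The event text is constructed for the example (three of the aTube Catcher writes plus one Firefox write for contrast); the rule thresholds and names are this example's own.

```python
"""Flag registry writes that disable RAS tracing, the pattern behind a
'Disables trace logs' sandbox signature, over events in the report's layout."""
import re
from collections import defaultdict

# Constructed sample in the layout of the report's modification-events table.
SAMPLE_EVENTS = r"""(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6044) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0
"""

RECORD_FIELDS = ("Key", "Operation", "Name", "Value")
PROCESS_RE = re.compile(r"^\(PID\) Process: \((\d+)\) (.+)$")


def parse_events(text: str) -> list:
    """Split report-style text (blank line between records) into one dict per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = PROCESS_RE.match(lines[0])
        if not m:
            raise ValueError(f"unexpected record header: {lines[0]!r}")
        ev = {"pid": int(m.group(1)), "process": m.group(2)}
        for line in lines[1:]:
            # partition on the first colon only: value names and keys may contain paths
            field, _, value = line.partition(":")
            if field in RECORD_FIELDS:
                ev[field.lower()] = value.strip()
        ev.setdefault("value", "")  # the report leaves some values blank
        events.append(ev)
    return events


# Key prefix and the three switches that control RAS tracing output.
TRACING_PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\"
TRACE_SWITCHES = {"enablefiletracing", "enableautofiletracing", "enableconsoletracing"}


def is_trace_disable(ev: dict) -> bool:
    """True for a write that sets one of the Enable*Tracing switches to 0 under the
    Tracing key. Other values under the same key (MaxFileSize, FileDirectory)
    are configuration, not suppression, and are ignored."""
    return (ev.get("operation") == "write"
            and ev.get("key", "").lower().startswith(TRACING_PREFIX.lower())
            and ev.get("name", "").lower() in TRACE_SWITCHES
            and ev.get("value") == "0")


def triage(text: str) -> dict:
    """Map each (pid, process) to the (key, value name) pairs it used to disable tracing."""
    hits = defaultdict(list)
    for ev in parse_events(text):
        if is_trace_disable(ev):
            hits[(ev["pid"], ev["process"])].append((ev["key"], ev["name"]))
    return dict(hits)


if __name__ == "__main__":
    for (pid, proc), writes in triage(SAMPLE_EVENTS).items():
        print(f"{proc} (PID {pid}) zeroed {len(writes)} tracing switch(es):")
        for key, name in writes:
            print(f"  {key}\\{name}")
```

One caveat when reading a hit: the <application>_RASAPI32 and _RASMANCS subkeys with the Enable*Tracing switches at 0 are typically populated by the RAS tracing library itself the first time a program touches RAS or WinINet, with tracing off by default, so on its own this match is weak evidence of evasion. The rule is still worth running because it tells you which process touched the keys and whether any value was set to something other than the defaults.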
Executable files: 1,638
Suspicious files: 2,374
Text files: 1,826
Unknown types: 1

Dropped files

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json
Type: binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-child-current.bin
Type: binary
MD5: C95DDC2B1A525D1A243E4C294DA2F326
SHA256: 3A5919E086BFB31E36110CF636D2D5109EB51F2C410B107F126126AB25D67363

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.bin
Type: binary
MD5: F759EB25271E6A6F0A3500520813E5FE
SHA256: 015E515D432DD64FDC9502ABE9C723EEF544E7AF11C36BDFE8B38412597CA1EC

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
Type: text
MD5: 2C99A16AED3906D92FFE3EF1808E2753
SHA256: 08412578CC3BB4922388F8FF8C23962F616B69A1588DA720ADE429129C73C452

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.db-journal
Type: binary
MD5: F73E15BBAED2C7CB04F59DCE3CE0CEF3
SHA256: D98CA9EB71EF2BC3A8C6F8012B2B137F00C97F58F16F8114D7B8EFAC66E9DE22

PID 6044 firefox.exe
File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\AlternateServices.bin
Type: binary
MD5: C3EBB7090B1445BDDECEDC3C7E77B90F
SHA256: 52489EBBA6EC5DB7F2EAE041B9BAABCA95D2148404E7ECFAA81E340C03C8D8B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 68
TCP/UDP connections: 289
DNS requests: 335
Threats: 11

HTTP requests

PID | Process | Method | HTTP code | IP:port | URL | CN | Reputation
- | - | GET | 200 | 23.48.23.141:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6044 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | whitelisted
6044 | firefox.exe | POST | 200 | 184.24.77.65:80 | http://r10.o.lencr.org/ | unknown | whitelisted
6044 | firefox.exe | POST | 200 | 184.24.77.82:80 | http://r11.o.lencr.org/ | unknown | whitelisted
6044 | firefox.exe | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/we2 | unknown | whitelisted
6044 | firefox.exe | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/we2 | unknown | whitelisted
6044 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | whitelisted
6044 | firefox.exe | POST | 200 | 184.24.77.82:80 | http://r11.o.lencr.org/ | unknown | whitelisted
6044 | firefox.exe | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/we2 | unknown | whitelisted

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 23.48.23.141:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6044 | firefox.exe | 15.235.64.10:443 | www.atube.me | OVH SAS | CA | whitelisted
6044 | firefox.exe | 34.36.137.203:443 | contile.services.mozilla.com | - | - | whitelisted
6044 | firefox.exe | 142.250.185.170:443 | safebrowsing.googleapis.com | - | - | whitelisted
6044 | firefox.exe | 184.24.77.67:80 | r10.o.lencr.org | Akamai International B.V. | DE | whitelisted
6044 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.206
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 23.48.23.141
  • 23.48.23.162
  • 23.48.23.145
  • 23.48.23.159
  • 23.48.23.156
  • 23.48.23.138
  • 23.48.23.161
  • 23.48.23.143
  • 23.48.23.140
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 95.101.149.131
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
www.atube.me
  • 15.235.64.10
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 23.215.0.133
  • 96.7.128.186
  • 23.215.0.132
  • 96.7.128.192
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted

Threats

PID | Process | Class | Message
2196 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2196 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
6244 | AvEmUpdate.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
2196 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
6736 | avgToolsSvc.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
7084 | AVGSvc.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
7084 | AVGSvc.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
7084 | AVGSvc.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
7084 | AVGSvc.exe | Misc activity | INFO [ANY.RUN] Possible short link service (bit .ly)
7084 | AVGSvc.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
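The ET INFO alerts above fire on a DNS query and a TLS server name for ip-info.ff.avast.com, printed defanged with a space before each dot. The following is an added example, not code from ANY.RUN, Emerging Threats or any vendor in the report: it refangs the domain as printed, suffix-matches it against a watchlist of external-IP-lookup services, and counts hits per process over a constructed event list shaped like the DNS and Threats tables. The watchlist entries other than ip-info.ff.avast.com, the event list and the function names are this example's own assumptions.

```python
"""Flag DNS queries and TLS SNI values that reach an external-IP-lookup service,
the behaviour behind 'ET INFO External IP Lookup' alerts, per originating process."""
import re


def refang(domain: str) -> str:
    """Normalise a defanged name: 'ip-info .ff .avast .com' or 'ip-info[.]ff[.]avast[.]com'
    become 'ip-info.ff.avast.com'. Lower-cases and strips stray dots."""
    d = domain.strip().lower().replace("[.]", ".").replace("(.)", ".")
    d = re.sub(r"\s*\.\s*", ".", d)
    return d.strip(".")


# Watchlist: the lookup domain from the report plus well-known services
# (the extra entries are assumptions of this example, not taken from the report).
IP_LOOKUP_DOMAINS = {
    "ip-info.ff.avast.com",
    "api.ipify.org",
    "checkip.amazonaws.com",
    "icanhazip.com",
}


def is_ip_lookup(domain: str) -> bool:
    """Exact or subdomain match against the watchlist, after refanging."""
    d = refang(domain)
    return any(d == w or d.endswith("." + w) for w in IP_LOOKUP_DOMAINS)


# Constructed events: (pid, process, source, domain). 'dns' is a query name,
# 'sni' is the server name in a TLS ClientHello, mirroring the two rule families.
SAMPLE_EVENTS = [
    (2196, "svchost.exe", "dns", "ip-info .ff .avast .com"),
    (6244, "AvEmUpdate.exe", "sni", "ip-info.ff.avast.com"),
    (7084, "AVGSvc.exe", "dns", "ip-info[.]ff[.]avast[.]com"),
    (7084, "AVGSvc.exe", "sni", "ip-info.ff.avast.com"),
    (6044, "firefox.exe", "dns", "detectportal.firefox.com"),
    (6044, "firefox.exe", "sni", "www.atube.me"),
]


def triage(events) -> dict:
    """Count watchlist hits per (pid, process), split by evidence source."""
    hits = {}
    for pid, proc, source, domain in events:
        if is_ip_lookup(domain):
            per = hits.setdefault((pid, proc), {"dns": 0, "sni": 0})
            per[source] += 1
    return hits


def originating_processes(events) -> set:
    """Processes that can be held responsible for the lookup: those with a TLS SNI
    hit. On Windows, DNS queries are sent by the DNS Client service (svchost.exe)
    on behalf of the caller, so a DNS-only hit names the resolver, not the program."""
    return {proc for (pid, proc), per in triage(events).items() if per["sni"]}


if __name__ == "__main__":
    for (pid, proc), per in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{proc} (PID {pid}): dns={per['dns']} sni={per['sni']}")
    print("originating:", ", ".join(sorted(originating_processes(SAMPLE_EVENTS))))
```

This mirrors the attribution visible in the report: the DNS-query alerts land on svchost.exe (PID 2196) while the SNI alerts land on AvEmUpdate.exe, avgToolsSvc.exe and AVGSvc.exe, so the SNI rows are the ones that identify the software doing the lookup.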
Process | Message
AVGSvc.exe | [2025-05-09 22:49:40.388] [error ] [dnsdoh ] [ 7084: 8196] [7BDCB8: 73] failed to restore usage statistics Exception: corrupted file
AVGSvc.exe | [2025-05-09 22:49:41.904] [info ] [nsf_urlinfo] [ 7084: 8196] [79B5BC: 39] Initialize UrlInfoMgr
AVGSvc.exe | [2025-05-09 22:49:41.904] [info ] [nsf_urlinfo] [ 7084: 8196] [5DC55C: 46] Starting UrlInfo
AVGSvc.exe | [2025-05-09 22:49:41.919] [info ] [nsf_urlinfo] [ 7084: 8196] [79B5BC: 72] UrlInfoMgr initialized
avgToolsSvc.exe | [2025-05-09 22:49:53.907] [error ] [morph_pi ] [ 6736: 7404] [6D1438: 248] Failed to re-generate policy Exception: No Product instance available Code: 0x00000490 (1168)