URL:

https://www.atube.me/

Full analysis: https://app.any.run/tasks/4afd3c31-547b-453d-a1b9-7cdb105e4204
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 09, 2025, 22:45:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
netreactor
arch-exec
arch-scr
evasion
loader
Indicators:
MD5: A9310F30A2929A60D1D7C90843C6520B
SHA1: 9CAE8124EF436F45F628492AE1FB6E4CE57826B1
SHA256: 12E7C213EEED2819434DA6A7E7584ABC29F9EC1D6466A9A4A906F13F3B9896C8
SSDEEP: 3:N8DSLdv:2OL5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Antivirus name has been found in the command line (generic signature)

      • AVGUI.exe (PID: 668)
      • AVGUI.exe (PID: 8760)
      • AVGUI.exe (PID: 4736)
      • AVGUI.exe (PID: 7932)
      • AVGUI.exe (PID: 3080)
      • AVGUI.exe (PID: 5164)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • avg_antivirus_free_setup.exe (PID: 5720)
      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 7968)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 7428)
      • icarus.exe (PID: 6964)
      • installer.exe (PID: 8028)
      • aTube_Catcher.tmp (PID: 8148)
      • installer.exe (PID: 4188)
      • engsup.exe (PID: 5952)
      • icarus.exe (PID: 7324)
      • AVGSvc.exe (PID: 7084)
      • aswOfferTool.exe (PID: 7848)
    • Adds/modifies Windows certificates

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
    • Reads security settings of Internet Explorer

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
      • saBSI.exe (PID: 2096)
      • installer.exe (PID: 4188)
    • The process verifies whether the antivirus software is installed

      • saBSI.exe (PID: 2096)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
      • icarus.exe (PID: 7428)
    • Starts itself from another location

      • icarus.exe (PID: 6964)
    • The process creates files with name similar to system file names

      • icarus.exe (PID: 7428)
      • installer.exe (PID: 4188)
    • Process drops legitimate windows executable

      • icarus.exe (PID: 7428)
      • installer.exe (PID: 4188)
      • engsup.exe (PID: 5952)
      • aTube_Catcher.tmp (PID: 8148)
    • There is functionality for taking screenshot (YARA)

      • avg_antivirus_free_setup.exe (PID: 5720)
    • Creates/Modifies COM task schedule object

      • installer.exe (PID: 4188)
    • The process drops C-runtime libraries

      • icarus.exe (PID: 7428)
      • engsup.exe (PID: 5952)
      • aTube_Catcher.tmp (PID: 8148)
    • Drops a system driver (possible attempt to evade defenses)

      • icarus.exe (PID: 7428)
      • engsup.exe (PID: 5952)
    • Starts CMD.EXE for commands execution

      • updater.exe (PID: 540)
    • Executes as Windows Service

      • servicehost.exe (PID: 976)
      • aswidsagent.exe (PID: 8316)
      • afwServ.exe (PID: 2960)
      • wsc_proxy.exe (PID: 7372)
      • avgToolsSvc.exe (PID: 6736)
      • AVGSvc.exe (PID: 7084)
    • Process drops python dynamic module

      • aTube_Catcher.tmp (PID: 8148)
    • Connects to unusual port

      • AVGSvc.exe (PID: 7084)
    • Checks for external IP

      • AvEmUpdate.exe (PID: 6244)
      • avgToolsSvc.exe (PID: 6736)
      • AVGSvc.exe (PID: 7084)
    • Process requests binary or script from the Internet

      • AVGSvc.exe (PID: 7084)
    • Application launched itself

      • AVGUI.exe (PID: 668)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 6044)
      • firefox.exe (PID: 4108)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 6044)
    • Reads the computer name

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • icarus.exe (PID: 6964)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 7428)
      • icarus.exe (PID: 7324)
      • installer.exe (PID: 4188)
    • Checks supported languages

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • icarus.exe (PID: 6964)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 7428)
      • icarus.exe (PID: 7324)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
    • Reads Environment values

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • icarus.exe (PID: 7428)
    • Reads the machine GUID from the registry

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • icarus.exe (PID: 6964)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 7324)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 4188)
    • Disables trace logs

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
    • Checks proxy server information

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 7968)
      • saBSI.exe (PID: 2096)
    • Creates files or folders in the user directory

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
    • The sample compiled with english language support

      • avg_antivirus_free_setup.exe (PID: 5720)
      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 7968)
      • icarus.exe (PID: 7428)
      • icarus.exe (PID: 6964)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
      • engsup.exe (PID: 5952)
      • icarus.exe (PID: 7324)
      • aTube_Catcher.tmp (PID: 8148)
      • AVGSvc.exe (PID: 7084)
      • aswOfferTool.exe (PID: 7848)
    • Reads the software policy settings

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_setup.exe (PID: 5720)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 7968)
      • saBSI.exe (PID: 2096)
      • slui.exe (PID: 1228)
      • installer.exe (PID: 4188)
    • Create files in a temporary directory

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 2096)
      • installer.exe (PID: 4188)
    • .NET Reactor protector has been detected

      • aTube_Catcher_v1.74.03.20.09.5.exe (PID: 2108)
    • Creates files in the program directory

      • saBSI.exe (PID: 7968)
      • avg_antivirus_free_online_setup.exe (PID: 6516)
      • saBSI.exe (PID: 2096)
      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7428)
      • installer.exe (PID: 8028)
      • installer.exe (PID: 4188)
    • Reads CPU info

      • icarus.exe (PID: 6964)
      • icarus.exe (PID: 7324)
      • icarus.exe (PID: 7428)
    • The sample compiled with czech language support

      • icarus.exe (PID: 7428)
    • Manual execution by a user

      • AVGUI.exe (PID: 668)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 206
Monitored processes: 70
Malicious processes: 12
Suspicious processes: 2

Behavior graph

Interactive process graph (available in the full report). Processes shown as graph nodes, in order of appearance with repeated nodes collapsed; nodes marked "no specs" in the graph carry no detailed process information:
firefox.exe, sppextcomobj.exe, slui.exe, atube_catcher_v1.74.03.20.09.5.exe, avg_antivirus_free_setup.exe, sabsi.exe, avg_antivirus_free_online_setup.exe, icarus.exe, installer.exe, servicehost.exe, uihost.exe, updater.exe, cmd.exe, conhost.exe, atube_catcher.tmp, engsup.exe, setupinf.exe, avemupdate.exe, regsvr.exe, wsc_proxy.exe, afwserv.exe, avgsvc.exe, avgtoolssvc.exe, aswengsrv.exe, aswidsagent.exe, overseer.exe, wpr.exe, unsecapp.exe, avgui.exe, aswoffertool.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 208
CMD: "C:\Program Files\Common Files\AVG\Icarus\avg-av\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
Path: C:\Program Files\Common Files\AVG\Icarus\avg-av\aswOfferTool.exe
Parent process: AVGSvc.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
AVG Offer Installation Tool
Exit code:
0
Version:
25.4.9091.0
Modules
Images
c:\program files\common files\avg\icarus\avg-av\aswoffertool.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\program files\avg\antivirus\x86\aswhook.dll
c:\windows\syswow64\advapi32.dll
PID: 540
CMD: "C:\Program Files\McAfee\WebAdvisor\updater.exe"
Path: C:\Program Files\McAfee\WebAdvisor\updater.exe
Parent process: servicehost.exe
User:
SYSTEM
Company:
McAfee, LLC
Integrity Level:
SYSTEM
Description:
McAfee WebAdvisor(updater)
Exit code:
0
Version:
4,1,1,1025
Modules
Images
c:\program files\mcafee\webadvisor\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 668
CMD: "C:\Program Files\AVG\Antivirus\AVGUI.exe" /silent_welcome
Path: C:\Program Files\AVG\Antivirus\AVGUI.exe
Parent process: explorer.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
MEDIUM
Description:
AVG Antivirus
Version:
25.4.10068.0
Modules
Images
c:\program files\avg\antivirus\avgui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\avg\antivirus\aswhook.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
PID: 680
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -parentBuildID 20240213221259 -sandboxingKind 1 -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 38191 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {493929bb-8165-4ac5-a7fb-0afccd221051} 6044 "\\.\pipe\gecko-crash-server-pipe.6044" 2826927b310 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 976
CMD: "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
Path: C:\Program Files\McAfee\WebAdvisor\servicehost.exe
Parent process: services.exe
User:
SYSTEM
Company:
McAfee, LLC
Integrity Level:
SYSTEM
Description:
McAfee WebAdvisor(service)
Version:
4,1,1,1025
Modules
Images
c:\program files\mcafee\webadvisor\servicehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1096
CMD: "C:\Program Files\AVG\Antivirus\SetupInf.exe" /uninstall /catalog:avgRdr2.cat
Path: C:\Program Files\AVG\Antivirus\SetupInf.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
25.4.10068.0
Modules
Images
c:\program files\avg\antivirus\setupinf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1228
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1228
CMD: "C:\Program Files\AVG\Antivirus\RegSvr.exe" "C:\Program Files\AVG\Antivirus\aswAMSI.dll"
Path: C:\Program Files\AVG\Antivirus\RegSvr.exe
Parent process: icarus.exe
User:
admin
Company:
Gen Digital Inc.
Integrity Level:
HIGH
Description:
AVG Antivirus Installer
Exit code:
0
Version:
25.4.10068.0
Modules
Images
c:\program files\avg\antivirus\regsvr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 1324
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5020 -parentBuildID 20240213221259 -prefsHandle 5152 -prefMapHandle 5188 -prefsLen 38191 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19cdeebe-14fb-4c41-960e-55811cf9f8f4} 6044 "\\.\pipe\gecko-crash-server-pipe.6044" 2825fc92e10 rdd
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
PID: 1388
CMD: "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
Path: C:\Program Files\McAfee\WebAdvisor\uihost.exe
Parent process: servicehost.exe
User:
admin
Company:
McAfee, LLC
Integrity Level:
MEDIUM
Description:
McAfee WebAdvisor(user level process)
Version:
4,1,1,1025
Modules
Images
c:\program files\mcafee\webadvisor\uihost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 100 186
Read events: 98 620
Write events: 1 440
Delete events: 126

Modification events

Process: (6044) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

Process: (6044) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: FileTracingMask
Value:

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

Process: (2108) aTube_Catcher_v1.74.03.20.09.5.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\aTube_Catcher_v1_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0
Executable files: 1 638
Suspicious files: 2 374
Text files: 1 826
Unknown types: 1

Dropped files

PID
Process
Filename
Type
PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
Type: binary
MD5: 297E88D7CEB26E549254EC875649F4EB
SHA256: 8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js
Type: text
MD5: 2C99A16AED3906D92FFE3EF1808E2753
SHA256: 08412578CC3BB4922388F8FF8C23962F616B69A1588DA720ADE429129C73C452

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
Type: text
MD5: 2C99A16AED3906D92FFE3EF1808E2753
SHA256: 08412578CC3BB4922388F8FF8C23962F616B69A1588DA720ADE429129C73C452

PID: 6044
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 68
TCP/UDP connections: 289
DNS requests: 335
Threats: 11

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 23.48.23.141:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6044 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | - | - | whitelisted
6044 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | - | - | whitelisted
6044 | firefox.exe | POST | 200 | 184.24.77.82:80 | http://r11.o.lencr.org/ | unknown | - | - | whitelisted
6044 | firefox.exe | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/we2 | unknown | - | - | whitelisted
6044 | firefox.exe | POST | 200 | 184.24.77.65:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
6044 | firefox.exe | POST | 200 | 184.24.77.82:80 | http://r11.o.lencr.org/ | unknown | - | - | whitelisted
6044 | firefox.exe | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/s/wr3/FIY | unknown | - | - | whitelisted
6044 | firefox.exe | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/we2 | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 23.48.23.141:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6044 | firefox.exe | 15.235.64.10:443 | www.atube.me | OVH SAS | CA | whitelisted
6044 | firefox.exe | 34.36.137.203:443 | contile.services.mozilla.com | - | - | whitelisted
6044 | firefox.exe | 142.250.185.170:443 | safebrowsing.googleapis.com | - | - | whitelisted
6044 | firefox.exe | 184.24.77.67:80 | r10.o.lencr.org | Akamai International B.V. | DE | whitelisted
6044 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.206
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 23.48.23.141
  • 23.48.23.162
  • 23.48.23.145
  • 23.48.23.159
  • 23.48.23.156
  • 23.48.23.138
  • 23.48.23.161
  • 23.48.23.143
  • 23.48.23.140
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 95.101.149.131
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
www.atube.me
  • 15.235.64.10
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 23.215.0.133
  • 96.7.128.186
  • 23.215.0.132
  • 96.7.128.192
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted

Threats

PID | Process | Class | Message
2196 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
2196 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
6244 | AvEmUpdate.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
2196 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
6736 | avgToolsSvc.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
7084 | AVGSvc.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
7084 | AVGSvc.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
7084 | AVGSvc.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
7084 | AVGSvc.exe | Misc activity | INFO [ANY.RUN] Possible short link service (bit .ly)
7084 | AVGSvc.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Debug output

Process | Message
AVGSvc.exe | [2025-05-09 22:49:40.388] [error ] [dnsdoh ] [ 7084: 8196] [7BDCB8: 73] failed to restore usage statistics Exception: corrupted file
AVGSvc.exe | [2025-05-09 22:49:41.904] [info ] [nsf_urlinfo] [ 7084: 8196] [5DC55C: 46] Starting UrlInfo
AVGSvc.exe | [2025-05-09 22:49:41.904] [info ] [nsf_urlinfo] [ 7084: 8196] [79B5BC: 39] Initialize UrlInfoMgr
AVGSvc.exe | [2025-05-09 22:49:41.919] [info ] [nsf_urlinfo] [ 7084: 8196] [79B5BC: 72] UrlInfoMgr initialized
avgToolsSvc.exe | [2025-05-09 22:49:53.907] [error ] [morph_pi ] [ 6736: 7404] [6D1438: 248] Failed to re-generate policy Exception: No Product instance available Code: 0x00000490 (1168)