File name:

dealply.exe

Full analysis: https://app.any.run/tasks/8c3fc37e-0d05-4bb9-8902-276a5f889d4f
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: August 26, 2024, 22:15:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

32B762E59CFFCB88EEEA37E968AC69A8

SHA1:

1D2ECE6327BC4FADF268B14D34546AB27DCF969F

SHA256:

2011A00579024566753901C28B51B7682A9E35ED3548601407674AD3AC34565D

SSDEEP:

12288:OsKax0fWbYXXlCCC5tmfeVp2CQDnJPBV+MuxlS:Os3quYn/C5tmfeVp2CgnJr+MurS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • ns4C67.tmp (PID: 3244)

    • Actions looks like stealing of personal data

      • dealply.exe (PID: 2604)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • dealply.exe (PID: 2604)

    • Modifies existing scheduled task

      • schtasks.exe (PID: 3720)

    • Starts application with an unusual extension

      • dealply.exe (PID: 2604)

    • The process creates files with name similar to system file names

      • dealply.exe (PID: 2604)

    • Reads the Internet Settings

      • dealply.exe (PID: 2604)

    • Executable content was dropped or overwritten

      • dealply.exe (PID: 2604)

    • Drops the executable file immediately after the start

      • dealply.exe (PID: 2604)

    • Creates a software uninstall entry

      • dealply.exe (PID: 2604)

    • Creates/Modifies COM task schedule object

      • dealply.exe (PID: 2604)

  • INFO

    • Checks supported languages

      • dealply.exe (PID: 2604)
      • ns4E2D.tmp (PID: 3296)
      • wmpnscfg.exe (PID: 2980)
      • ns4C67.tmp (PID: 3244)

    • Create files in a temporary directory

      • dealply.exe (PID: 2604)

    • Reads the computer name

      • dealply.exe (PID: 2604)
      • wmpnscfg.exe (PID: 2980)

    • Checks proxy server information

      • dealply.exe (PID: 2604)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2980)
      • firefox.exe (PID: 648)

    • Application launched itself

      • iexplore.exe (PID: 2400)
      • firefox.exe (PID: 3228)
      • firefox.exe (PID: 648)

    • Creates files in the program directory

      • dealply.exe (PID: 2604)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:41+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.0.0.0
ProductVersionNumber: 3.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: DealPly
FileDescription: http://www.dealply.com/
FileVersion: 3.0.0.0
LegalCopyright: Copyright (C) 2011 DealPly Technologies Ltd.
LegalTrademarks: [p:dealply,c:dpwbst,zg:no] - DealPly is a trademark or registered trademark of DealPly Technologies Ltd in the U.S. and/or other countries.
ProductName: DealPly
ProductVersion: 3.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
64
Monitored processes
21
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start dealply.exe firefox.exe no specs firefox.exe no specs firefox.exe ns4c67.tmp no specs schtasks.exe no specs ns4e2d.tmp no specs schtasks.exe no specs iexplore.exe iexplore.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs wmpnscfg.exe no specs dealply.exe no specs wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
648"C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Program Files\DealPly\DealPly.xpi" --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
832"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.7.1969181432\1285375008" -childID 6 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 32679 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b95ab97-134d-4bb8-941f-861aff7bea4e} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3872 186bd840 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1476"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.2.967908352\1005595125" -childID 1 -isForBrowser -prefsHandle 1632 -prefMapHandle 1628 -prefsLen 29565 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e6aad4e-0b64-46bf-8912-c0049934f170} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 2120 115fe560 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1840"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.6.870230524\995153462" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3808 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3481470-0a2c-4114-9f1d-0bf317eb2917} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3748 186bd560 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2076"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.1.718478751\400793670" -parentBuildID 20230710165010 -prefsHandle 1416 -prefMapHandle 1412 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fffbb45-3c09-4e44-b9f7-6fced538ad75} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 1428 ee1c260 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2280"C:\Users\admin\Desktop\dealply.exe" C:\Users\admin\Desktop\dealply.exeexplorer.exe
User:
admin
Company:
DealPly
Integrity Level:
MEDIUM
Description:
http://www.dealply.com/
Exit code:
3221226540
Version:
3.0.0.0
Modules
Images
c:\users\admin\desktop\dealply.exe
c:\windows\system32\ntdll.dll
2400"C:\Program Files\Internet Explorer\iexplore.exe" http://www.dealply.com/go/postinstall/?partner=dealply&channel=dpwbst&installVersionMachine=3000&existingVer=C:\Program Files\Internet Explorer\iexplore.exe
dealply.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2604"C:\Users\admin\Desktop\dealply.exe" C:\Users\admin\Desktop\dealply.exe
explorer.exe
User:
admin
Company:
DealPly
Integrity Level:
HIGH
Description:
http://www.dealply.com/
Exit code:
0
Version:
3.0.0.0
Modules
Images
c:\users\admin\desktop\dealply.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
2664"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.5.19072095\2127997797" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {daad8eda-41b7-48b4-b2c8-18bd3bc62500} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3836 186bd6d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2980"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
29 563
Read events
29 237
Write events
220
Delete events
106

Modification events

(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\DealPly
Operation:writeName:ChromeCrxPath
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\DealPly
Operation:writeName:ChromeCrxPath
Value:
C:\Program Files\DealPly\DealPly.crx
Executable files
15
Suspicious files
88
Text files
60
Unknown types
4

Dropped files

PID
Process
Filename
Type
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\ioSpecial.iniini
MD5:E2D5070BC28DB1AC745613689FF86067
SHA256:D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\NSISdl.dllexecutable
MD5:A5F8399A743AB7F9C88C645C35B1EBB5
SHA256:DACC88A12D3BA438FDAE3535DC7A5A1D389BCE13ADC993706424874A782E51C9
2604dealply.exeC:\Program Files\DealPly\icon.icoimage
MD5:D6AA5D65F6D4CF289E76C8F36FD2E974
SHA256:E174C37A6546F3561FEA64030A69D3BE67FBDDAF55A1A5F84BE2D1A8E1106D2D
2604dealply.exeC:\Program Files\DealPly\DealPlyIE.dllexecutable
MD5:53905CD4461961F341C0B41D4D0EC02B
SHA256:C28C50700C5560D834B058E0CA816E1CCD003E77FB58777F55CD4B9D015F9013
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\modern-wizard.bmpimage
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
3228firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\InstallOptions.dllexecutable
MD5:325B008AEC81E5AAA57096F05D4212B5
SHA256:C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\nsRandom.dllexecutable
MD5:AB467B8DFAA660A0F0E5B26E28AF5735
SHA256:DB267D9920395B4BADC48DE04DF99DFD21D579480D103CAE0F48E6578197FF73
2604dealply.exeC:\Program Files\DealPly\DealPly.crxcrx
MD5:DFB83332B4B9A5D76FC2AE86B3951E2B
SHA256:65CF1B10835BE80D4FD55A2C7E8D4759B171BE3BD78E2256F57E27B4D1D0BC8D
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\LangDLL.dllexecutable
MD5:9384F4007C492D4FA040924F31C00166
SHA256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
54
DNS requests
81
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3060
iexplore.exe
GET
404
192.185.41.185:80
http://www.dealply.com/go/postinstall/?partner=dealply&channel=dpwbst&installVersionMachine=3000&existingVer=
unknown
malicious
3228
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
3228
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
3228
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
unknown
3228
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3228
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
unknown
3228
firefox.exe
POST
200
184.24.77.79:80
http://r10.o.lencr.org/
unknown
unknown
3228
firefox.exe
POST
200
142.250.184.227:80
http://o.pki.goog/wr2
unknown
unknown
3228
firefox.exe
POST
200
184.24.77.79:80
http://r10.o.lencr.org/
unknown
unknown
2400
iexplore.exe
GET
304
23.50.131.216:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2d087288017acd30
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
whitelisted
1372
svchost.exe
20.44.239.154:443
MICROSOFT-CORP-MSN-AS-BLOCK
SG
unknown
1060
svchost.exe
224.0.0.252:5355
whitelisted
3060
iexplore.exe
192.185.41.185:80
www.dealply.com
UNIFIEDLAYER-AS-1
US
unknown
3228
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3228
firefox.exe
34.117.188.166:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
3228
firefox.exe
142.250.186.138:443
safebrowsing.googleapis.com
GOOGLE
US
whitelisted
3228
firefox.exe
184.24.77.54:80
r11.o.lencr.org
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.74.206
whitelisted
trail.dealply.com
unknown
www.dealply.com
  • 192.185.41.185
unknown
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.171
  • 192.0.0.170
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
whitelisted
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
dealply.exe