Malware analysis eikjz.khabar24nepal.com/4HrGxn4301CpGK460cgcojlsamf321UVYJSMFYSJXECUP30669FCVJ15866q13 Malicious activity

Add for printing

URL:	eikjz.khabar24nepal.com/4HrGxn4301CpGK460cgcojlsamf321UVYJSMFYSJXECUP30669FCVJ15866q13
Full analysis:	https://app.any.run/tasks/bd3f444a-2114-475e-9dc9-78502f0982bb
Verdict:	Malicious activity
Analysis date:	February 12, 2025, 14:25:20
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	evil-redirect phishing foxwhoops
Indicators:
MD5:	98CBB17403092292203328EAFC06BEB4
SHA1:	9376C8F71BABFC4E75177C7D6F9D283C62CEE9B1
SHA256:	37983C2FD65D2668ABEA1B2A51B52E19952FF3DB5CC67619C5D6E09668E23A9D
SSDEEP:	3:pOPyA+BLx8KIwid0dTmVk8h50aDg:bj8TuQS8h50aE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
- Executable content was dropped or overwritten
  - firefox.exe (PID: 1356)
- Application launched itself
  - firefox.exe (PID: 848)
  - firefox.exe (PID: 1356)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

135

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

848

"C:\Program Files\Mozilla Firefox\firefox.exe" "eikjz.khabar24nepal.com/4HrGxn4301CpGK460cgcojlsamf321UVYJSMFYSJXECUP30669FCVJ15866q13"

C:\Program Files\Mozilla Firefox\firefox.exe

—

explorer.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Exit code:

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\msvcp140.dll

1356

"C:\Program Files\Mozilla Firefox\firefox.exe" eikjz.khabar24nepal.com/4HrGxn4301CpGK460cgcojlsamf321UVYJSMFYSJXECUP30669FCVJ15866q13

C:\Program Files\Mozilla Firefox\firefox.exe

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

5880

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 8 -isForBrowser -prefsHandle 2600 -prefMapHandle 2820 -prefsLen 31324 -prefMapSize 244583 -jsInitHandle 948 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf2ae42a-e3d1-44d0-92a6-3605ace7c697} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c92d24d690 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll

6256

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1808 -parentBuildID 20240213221259 -prefsHandle 1756 -prefMapHandle 1744 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c8cdee3-dbf6-4a68-9be4-28da4f129515} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c9235c8b10 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll

6316

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2080 -parentBuildID 20240213221259 -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 31031 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab284960-b917-4cce-b05a-28171102d8ba} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c917583110 socket

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

6576

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2692 -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2660 -prefsLen 26911 -prefMapSize 244583 -jsInitHandle 948 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a95f23c-ec36-40f7-8c5d-fee041feea17} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c928bc4f50 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

6884

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4124 -childID 2 -isForBrowser -prefsHandle 4140 -prefMapHandle 4136 -prefsLen 36588 -prefMapSize 244583 -jsInitHandle 948 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a77b96a1-7ab6-4069-a98c-b9cdf9f3552a} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c9298f4690 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

7072

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 4668 -prefMapHandle 2168 -prefsLen 36588 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49e9c690-ae31-4c70-9b83-2396927988e8} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c92d8ac910 utility

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

7164

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4568 -childID 3 -isForBrowser -prefsHandle 4716 -prefMapHandle 4704 -prefsLen 36588 -prefMapSize 244583 -jsInitHandle 948 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c66910c-b6e1-4e91-8cb7-6752784b5fee} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c92dbf94d0 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

7184

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5124 -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4704 -prefsLen 31243 -prefMapSize 244583 -jsInitHandle 948 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fec0fd73-23a1-4247-84fc-02c3b692b1d3} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 1c92d24da10 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Add for printing

Total events

4 844

Read events

4 843

Write events

Delete events

Modification events


(PID) Process:	(1356) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

Add for printing

Executable files

Suspicious files

146

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1356	firefox.exe	C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin		—
		MD5:—	SHA256:—
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json		binary
		MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A	SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmp		binary
		MD5:3B156E12141F8CBCE9D60CDCE2077617	SHA256:E6287E44B44ABEA20E1B2E3F415D22B9E5E5FBBC155AD9DADBABA63951B2AF6F
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite		—
		MD5:—	SHA256:—
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.bin		binary
		MD5:3B156E12141F8CBCE9D60CDCE2077617	SHA256:E6287E44B44ABEA20E1B2E3F415D22B9E5E5FBBC155AD9DADBABA63951B2AF6F
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js		text
		MD5:2C99A16AED3906D92FFE3EF1808E2753	SHA256:08412578CC3BB4922388F8FF8C23962F616B69A1588DA720ADE429129C73C452
1356	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

113

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	POST	200	184.24.77.57:80	http://r10.o.lencr.org/	unknown	—	—	whitelisted
—	—	POST	200	184.24.77.57:80	http://r10.o.lencr.org/	unknown	—	—	whitelisted
—	—	GET	200	34.107.221.82:80	http://detectportal.firefox.com/canonical.html	unknown	—	—	whitelisted
—	—	GET	—	185.246.85.141:80	http://eikjz.khabar24nepal.com/4HrGxn4301CpGK460cgcojlsamf321UVYJSMFYSJXECUP30669FCVJ15866q13	unknown	—	—	unknown
—	—	GET	404	185.246.85.141:80	http://eikjz.khabar24nepal.com/favicon.ico	unknown	—	—	unknown
—	—	POST	200	142.250.184.227:80	http://o.pki.goog/we2	unknown	—	—	whitelisted
—	—	GET	200	34.107.221.82:80	http://detectportal.firefox.com/success.txt?ipv4	unknown	—	—	whitelisted
—	—	POST	200	184.24.77.57:80	http://r10.o.lencr.org/	unknown	—	—	whitelisted
—	—	POST	—	142.250.184.227:80	http://o.pki.goog/s/wr3/jLM	unknown	—	—	whitelisted
—	—	POST	200	142.250.184.227:80	http://o.pki.goog/s/wr3/3cs	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	40.127.240.158:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
—	—	185.246.85.141:80	eikjz.khabar24nepal.com	Ikoula Net SAS	FR	unknown
—	—	34.107.221.82:80	detectportal.firefox.com	GOOGLE	US	whitelisted
—	—	184.24.77.57:80	r10.o.lencr.org	Akamai International B.V.	DE	whitelisted
—	—	34.117.188.166:443	contile.services.mozilla.com	—	—	whitelisted
—	—	142.250.185.202:443	safebrowsing.googleapis.com	—	—	whitelisted
—	—	34.117.121.53:443	firefox-settings-attachments.cdn.mozilla.net	GOOGLE-CLOUD-PLATFORM	US	whitelisted
—	—	34.107.243.93:443	push.services.mozilla.com	GOOGLE	US	whitelisted
—	—	34.160.144.191:443	content-signature-2.cdn.mozilla.net	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
eikjz.khabar24nepal.com	185.246.85.141	unknown
detectportal.firefox.com	34.107.221.82	whitelisted
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82 2600:1901:0:38d7::	whitelisted
example.org	23.215.0.133 96.7.128.192 96.7.128.186 23.215.0.132	whitelisted
ipv4only.arpa	192.0.0.171 192.0.0.170	whitelisted
contile.services.mozilla.com	34.117.188.166	whitelisted
spocs.getpocket.com	34.117.188.166	whitelisted
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	whitelisted
content-signature-2.cdn.mozilla.net	34.160.144.191	whitelisted
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191 2600:1901:0:92a9::	whitelisted

Threats

PID	Process	Class	Message
—	—	Possible Social Engineering Attempted	REDIRECT [ANY.RUN] Fake Market FoxWhoops Evil Redirect
—	—	Possible Social Engineering Attempted	REDIRECT [ANY.RUN] Fake Market FoxWhoops Evil Redirect
—	—	Possible Social Engineering Attempted	REDIRECT [ANY.RUN] Fake Market FoxWhoops Evil Redirect

Add for printing

No debug info

General Info

eikjz.khabar24nepal.com/4HrGxn4301CpGK460cgcojlsamf321UVYJSMFYSJXECUP30669FCVJ15866q13

98CBB17403092292203328EAFC06BEB4

9376C8F71BABFC4E75177C7D6F9D283C62CEE9B1

37983C2FD65D2668ABEA1B2A51B52E19952FF3DB5CC67619C5D6E09668E23A9D

3:pOPyA+BLx8KIwid0dTmVk8h50aDg:bj8TuQS8h50aE

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Executable content was dropped or overwritten

Application launched itself

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings