URL:

https://halamenta.online

Full analysis: https://app.any.run/tasks/fffa066f-c5c5-4ff7-a7ea-7a964fe7ce1e
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: August 10, 2024, 02:35:48
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
discordgrabber
generic
stealer
ai-domain
Indicators:
MD5:

758CEFFC0A3F3DA1D138F93C5035EEB3

SHA1:

FB28ADA7D7E7363E6617356E96787707CB6EB0EA

SHA256:

4B5C14B84A08B1643082E94239DBA1F35A7121D31A52C25FA7DDDB8E54EEDE18

SSDEEP:

3:N84Kiun:24KP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • DISCORDGRABBER has been detected (YARA)

      • Installer_1.0.0.exe (PID: 6368)

  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • Installer_1.0.0.exe (PID: 7028)

    • Executable content was dropped or overwritten

      • Installer_1.0.0.exe (PID: 7028)
      • Installer_1.0.0.exe (PID: 6368)

    • Drops the executable file immediately after the start

      • Installer_1.0.0.exe (PID: 7028)
      • Installer_1.0.0.exe (PID: 6368)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Installer_1.0.0.exe (PID: 7028)

    • Drops 7-zip archiver for unpacking

      • Installer_1.0.0.exe (PID: 7028)

    • Process drops legitimate windows executable

      • Installer_1.0.0.exe (PID: 7028)

    • Reads security settings of Internet Explorer

      • Installer_1.0.0.exe (PID: 7028)

    • Creates a software uninstall entry

      • Installer_1.0.0.exe (PID: 7028)

    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 3904)

    • Starts CMD.EXE for commands execution

      • Installer_1.0.0.exe (PID: 6368)

    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 7420)

    • Application launched itself

      • Installer_1.0.0.exe (PID: 6368)

  • INFO

    • The process uses the downloaded file

      • firefox.exe (PID: 6352)
      • WinRAR.exe (PID: 8100)

    • Application launched itself

      • firefox.exe (PID: 6308)
      • firefox.exe (PID: 6352)

    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 6352)

    • Manual execution by a user

      • Installer_1.0.0.exe (PID: 7028)
      • WinRAR.exe (PID: 8100)
      • Installer_1.0.0.exe (PID: 6368)

    • Checks supported languages

      • Installer_1.0.0.exe (PID: 7028)
      • Installer_1.0.0.exe (PID: 3292)
      • Installer_1.0.0.exe (PID: 1716)
      • Installer_1.0.0.exe (PID: 6368)
      • Installer_1.0.0.exe (PID: 6596)

    • Create files in a temporary directory

      • Installer_1.0.0.exe (PID: 7028)
      • Installer_1.0.0.exe (PID: 6368)

    • Reads the computer name

      • Installer_1.0.0.exe (PID: 7028)
      • Installer_1.0.0.exe (PID: 6368)
      • Installer_1.0.0.exe (PID: 1716)
      • Installer_1.0.0.exe (PID: 3292)
      • Installer_1.0.0.exe (PID: 6596)

    • Creates files or folders in the user directory

      • Installer_1.0.0.exe (PID: 7028)
      • Installer_1.0.0.exe (PID: 6596)
      • Installer_1.0.0.exe (PID: 6368)

    • Reads Environment values

      • Installer_1.0.0.exe (PID: 6368)

    • Reads product name

      • Installer_1.0.0.exe (PID: 6368)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 7420)

    • Checks proxy server information

      • Installer_1.0.0.exe (PID: 6368)

    • Reads the machine GUID from the registry

      • Installer_1.0.0.exe (PID: 6368)
      • Installer_1.0.0.exe (PID: 6596)

    • May use AI service

      • Installer_1.0.0.exe (PID: 6368)
      • Installer_1.0.0.exe (PID: 3292)
      • Installer_1.0.0.exe (PID: 1716)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 6352)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
160
Monitored processes
23
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs rundll32.exe no specs winrar.exe no specs installer_1.0.0.exe #DISCORDGRABBER installer_1.0.0.exe cmd.exe no specs conhost.exe no specs wmic.exe no specs THREAT installer_1.0.0.exe no specs THREAT installer_1.0.0.exe no specs installer_1.0.0.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1184\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1716"C:\Users\admin\AppData\Local\Programs\Installer_1.0.0\Installer_1.0.0.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\Installer_1.0.0" --field-trial-handle=2128,i,6630363866453251982,3694012155752576986,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:3C:\Users\admin\AppData\Local\Programs\Installer_1.0.0\Installer_1.0.0.exe
Installer_1.0.0.exe
User:
admin
Company:
Unity-Game
Integrity Level:
MEDIUM
Description:
Installer_1.0.0
Version:
1.0.0
Modules
Images
c:\users\admin\appdata\local\programs\installer_1.0.0\installer_1.0.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2136"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6076 -childID 6 -isForBrowser -prefsHandle 5892 -prefMapHandle 5896 -prefsLen 34713 -prefMapSize 244343 -jsInitHandle 1260 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aab7842-dc84-4e2b-82c6-4e5d9d510922} 6352 "\\.\pipe\gecko-crash-server-pipe.6352" 2b802440bd0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2796"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6316 -parentBuildID 20240213221259 -prefsHandle 6196 -prefMapHandle 6200 -prefsLen 34713 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee3db5d9-b2f1-42a0-a85d-ab4733e2ae14} 6352 "\\.\pipe\gecko-crash-server-pipe.6352" 2b803830710 rddC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
3140"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5652 -prefsLen 31161 -prefMapSize 244343 -jsInitHandle 1260 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {800b3c94-620f-40cb-9277-b87cc76b218c} 6352 "\\.\pipe\gecko-crash-server-pipe.6352" 2b8025b7bd0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
3292"C:\Users\admin\AppData\Local\Programs\Installer_1.0.0\Installer_1.0.0.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Installer_1.0.0" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,6630363866453251982,3694012155752576986,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1904 /prefetch:2C:\Users\admin\AppData\Local\Programs\Installer_1.0.0\Installer_1.0.0.exe
Installer_1.0.0.exe
User:
admin
Company:
Unity-Game
Integrity Level:
LOW
Description:
Installer_1.0.0
Version:
1.0.0
Modules
Images
c:\users\admin\appdata\local\programs\installer_1.0.0\installer_1.0.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3904C:\WINDOWS\system32\cmd.exe /d /s /c "wmic csproduct get uuid"C:\Windows\System32\cmd.exeInstaller_1.0.0.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
4056"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 2748 -prefMapHandle 5668 -prefsLen 31161 -prefMapSize 244343 -jsInitHandle 1260 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f451578c-ffe9-4453-b0a2-abab507c707f} 6352 "\\.\pipe\gecko-crash-server-pipe.6352" 2b8036ebbd0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
6152"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6340 -parentBuildID 20240213221259 -sandboxingKind 1 -prefsHandle 6324 -prefMapHandle 6320 -prefsLen 34713 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e07413-5654-457a-a0c0-351d86e5defd} 6352 "\\.\pipe\gecko-crash-server-pipe.6352" 2b802fabb10 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
6308"C:\Program Files\Mozilla Firefox\firefox.exe" "https://halamenta.online"C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
Total events
24 394
Read events
24 334
Write events
59
Delete events
1

Modification events

(PID) Process:(6308) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
9B0267C800000000
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
D57868C800000000
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Progress
Value:
0
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Progress
Value:
1
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Installer\308046B0AF4A39CB
Operation:delete valueName:installer.taskbarpin.win10.enabled
Value:
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
0
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value:
1
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value:
1
(PID) Process:(6352) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableTelemetry
Value:
1
Executable files
24
Suspicious files
295
Text files
42
Unknown types
3

Dropped files

PID
Process
Filename
Type
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
6352firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.bindbf
MD5:4006DDC2918B16C7EF5516C58373842B
SHA256:269EA23B77EDE0874628BD8611BCC5A3E87E0C44CA8A821C0D028B929D4F468F
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.dbsqlite
MD5:7103BC819DB98A95B1707F46B8CA9424
SHA256:1CCA857A652E7949EBBB7FD7D933FA8BC68310A56EB2EEBB32DF11246E23D8ED
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage.sqlite-journalbinary
MD5:13B4728DD84EDB6E12AA009C97C4338D
SHA256:42E1D8A0565925E4E7847B08DE57ED9A9CA68830E989D9E299EAE2C0A39C0BB5
6352firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmpdbf
MD5:4006DDC2918B16C7EF5516C58373842B
SHA256:269EA23B77EDE0874628BD8611BCC5A3E87E0C44CA8A821C0D028B929D4F468F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
32
TCP/UDP connections
109
DNS requests
128
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6352
firefox.exe
POST
142.250.185.195:80
http://o.pki.goog/wr2
unknown
unknown
6352
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
6352
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
6352
firefox.exe
POST
142.250.185.195:80
http://o.pki.goog/wr2
unknown
unknown
6352
firefox.exe
POST
200
184.24.77.54:80
http://r10.o.lencr.org/
unknown
unknown
6352
firefox.exe
POST
200
184.24.77.54:80
http://r10.o.lencr.org/
unknown
unknown
6352
firefox.exe
POST
200
184.24.77.54:80
http://r10.o.lencr.org/
unknown
unknown
6352
firefox.exe
POST
200
184.24.77.48:80
http://r11.o.lencr.org/
unknown
unknown
6352
firefox.exe
POST
200
184.24.77.48:80
http://r11.o.lencr.org/
unknown
unknown
6352
firefox.exe
POST
200
184.24.77.54:80
http://r10.o.lencr.org/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2120
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
2464
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5116
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6352
firefox.exe
188.114.96.3:443
halamenta.online
CLOUDFLARENET
NL
unknown
6352
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
6352
firefox.exe
34.117.188.166:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
unknown
6352
firefox.exe
142.250.184.202:443
safebrowsing.googleapis.com
whitelisted
6352
firefox.exe
172.217.16.202:443
maps.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.206
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
halamenta.online
  • 188.114.96.3
  • 188.114.97.3
  • 2a06:98c1:3121::3
  • 2a06:98c1:3120::3
unknown
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
whitelisted
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted

Threats

PID
Process
Class
Message
6352
firefox.exe
Misc activity
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
6352
firefox.exe
Misc activity
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
6352
firefox.exe
Misc activity
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
6352
firefox.exe
Misc activity
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://halamenta.online