Malware analysis https://www.wps.com/blog/es-microsoft-office-crack-download-free/ Malicious activity

Add for printing

URL:	https://www.wps.com/blog/es-microsoft-office-crack-download-free/
Full analysis:	https://app.any.run/tasks/0f305ad5-9042-48c2-a0e7-a105448cd4e8
Verdict:	Malicious activity
Analysis date:	December 06, 2023, 17:55:15
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags:	qrcode maldoc-17
Indicators:
MD5:	D26E6B5326256827ED5297B4DE996426
SHA1:	0E2DAD04BB9E25EC909DA5C6F9891B18EF349C29
SHA256:	82EED146C4B3C6A1C8A5BFD91C0F87450E9A6C38A00C63AD17B64E428B68D884
SSDEEP:	3:N8DSLh2crbhRuuH0XvOskDQv:2OL/bhRuuH0XWuv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.18860 KB4052978
Adobe Acrobat Reader DC MUI (15.007.20033)
Adobe Flash Player 27 ActiveX (27.0.0.187)
Adobe Flash Player 27 NPAPI (27.0.0.187)
Adobe Flash Player 27 PPAPI (27.0.0.187)
CCleaner (5.35)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.33.23)
Java 8 Update 92 (64-bit) (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.177.11)
Microsoft Office Access MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Office 32-bit Components 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.4763.1000)
Microsoft Office Proof (French) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared 32-bit MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Single Image 2010 (14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2005 Redistributable (x64) (8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (11.0.61030.0)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (64-bit x64) (7.5.1)
PowerShell 7-x64 (7.2.11.0)
Skype version 8.100 (8.100)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (2.2.6)
WinRAR 5.60 (64-bit) (5.60.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
- Drops known malicious document
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
SUSPICIOUS
- Reads the Internet Settings
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
- Checks Windows Trust Settings
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
- Reads settings of System Certificates
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3816)
- Reads security settings of Internet Explorer
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
- Process drops legitimate windows executable
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
- The process drops C-runtime libraries
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
- Write to the desktop.ini file (may be used to cloak folders)
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
INFO
- Checks supported languages
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3816)
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
- Reads the computer name
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3816)
- The process uses the downloaded file
  - firefox.exe (PID: 2832)
- Application launched itself
  - firefox.exe (PID: 2832)
- Checks proxy server information
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
- Reads the machine GUID from the registry
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3748)
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3816)
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
- Drops the executable file immediately after the start
  - firefox.exe (PID: 2832)
- Create files in a temporary directory
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3816)
- Creates files or folders in the user directory
  - 09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe (PID: 1692)
- Process checks computer location settings
  - wps_wid.cid-1960927767.1701885326.exe (PID: 3816)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

244

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.2.930707789\1316654887" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 25524 -prefMapSize 244187 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bde97f23-7c36-4564-a8bd-cca62ffd5082} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 2084 1924c158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

588

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.1.294960846\2028839073" -parentBuildID 20230710165010 -prefsHandle 1416 -prefMapHandle 1412 -prefsLen 29857 -prefMapSize 244187 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e8ed7b0-4e9e-4157-8de8-7b7c45e7228e} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 1428 42d3258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

1628

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.3.2032955046\1459568438" -childID 2 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 35454 -prefMapSize 244187 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a47bae4-782d-4102-8b18-c8311cf24bf0} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 3024 1e4f0258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

1692

"C:\Users\admin\Downloads\cached\wps_download\09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe" -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -createIcons -curlangofinstalledproduct=en_US -notElevateAndDirectlyInstall -D="C:\Users\admin\AppData\Local\Kingsoft\WPS Office" -notautostartwps

C:\Users\admin\Downloads\cached\wps_download\09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe

wps_wid.cid-1960927767.1701885326.exe

User:

admin

Company:

Zhuhai Kingsoft Office Software Co.,Ltd

Integrity Level:

MEDIUM

Description:

WPS Install Application

Exit code:

Version:

12,2,0,13266

Modules

Images
c:\users\admin\downloads\cached\wps_download\09db699b58b0ad591392bc08cea3cab3-13_setup_xa_mui_free.exe.600.1021.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

1936

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.0.1137560229\1195781131" -parentBuildID 20230710165010 -prefsHandle 1116 -prefMapHandle 1108 -prefsLen 29780 -prefMapSize 244187 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb72660-5cc2-4c1a-abbe-cfc1291bb327} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 1200 42d1458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

2028

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.6.1916904656\2081292453" -childID 5 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 35557 -prefMapSize 244187 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f79b4761-7b04-4206-9d80-224585d54ea5} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 3880 23688b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

2228

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.4.253876148\1559589325" -childID 3 -isForBrowser -prefsHandle 3792 -prefMapHandle 3804 -prefsLen 30253 -prefMapSize 244187 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6db775c-944f-46ff-9b5c-317cb5350151} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 3808 230df558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

2708

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.5.1016780133\115518964" -childID 4 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 30253 -prefMapSize 244187 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec782f6c-75e1-4538-aa91-10c7750017b0} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4084 230dec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

2832

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.wps.com/blog/es-microsoft-office-crack-download-free/"

C:\Program Files\Mozilla Firefox\firefox.exe

explorer.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

3208

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.7.1414432537\1141057202" -childID 6 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 30357 -prefMapSize 244187 -jsInitHandle 876 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8217d83d-57e2-4c5e-8a8e-9d57fdbbcf2c} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4012 230dc858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

115.0.2

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll

Add for printing

Total events

13 157

Read events

13 054

Write events

103

Delete events

Modification events


(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Browser
Value: 0000000000000000
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Telemetry
Value: 1
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Theme
Value: 1
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Enabled
Value: 1
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\|DisableTelemetry
Value: 0
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\|DisableDefaultBrowserAgent
Value: 0
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\|SetDefaultBrowserUserChoice
Value: 1
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\|AppLastRunTime
Value: F8B731ACA1C5D901
(PID) Process:	(2832) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0

Add for printing

Executable files

105

Suspicious files

762

Text files

2 097

Unknown types

Dropped files

PID	Process	Filename		Type
2832	firefox.exe	C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\cache2\doomed\21349		compressed
		MD5:58BF90C279D403DC2DFB9B9DF37D9B81	SHA256:4A922FE9DF274368DBD30EC32F033BC5404E868AE1F512F6CFB291D7A4D781C5
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\sessionCheckpoints.json.tmp		binary
		MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A	SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\datareporting\glean\pending_pings\8874cf50-3b4f-483e-840e-255bb2e98352		text
		MD5:62ECEA500D053B33C97FDD1D5C67AD4B	SHA256:98EE959A42123FE04467C6CD9F33EAA6921BA973FFC95D42D7CE796047451E0D
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal		binary
		MD5:5A4915726F478E3CDA51138C6A93CC23	SHA256:58E854E4F553A12A3EB3ABEAE51BB881B9813DDD7A31DA7DDFED937D8B4B0E2C
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\prefs.js		text
		MD5:F42921723A3596D2FA57BE1279C18862	SHA256:5D6A78D6523693521C6D337C72269B0320B0C5A82D699D74FF2490813574C652
2832	firefox.exe	C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\nltxvmn2.default\startupCache\urlCache-current.bin		binary
		MD5:4DF9B77C7650AF87B264E535779AE2A4	SHA256:C57071FCFEF26EE4F08A2029E547848EC015B10045ABAD705195A9F966FEAE58
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\cookies.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\sessionCheckpoints.json		binary
		MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A	SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
2832	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nltxvmn2.default\datareporting\glean\tmp\584051ae-b8c3-42bd-be1b-3cc457110dee		text
		MD5:5758A48D44BB510AE4DF92E7EFFE716F	SHA256:90A13DBA0939015DADAEEA546908F8CF4C27842159BED44FA2CCA10356B6F680

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

141

DNS requests

206

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2832	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/canonical.html	unknown	text	90 b	unknown
2832	firefox.exe	POST	200	184.24.77.61:80	http://r3.o.lencr.org/	unknown	binary	503 b	unknown
2832	firefox.exe	POST	200	184.24.77.61:80	http://r3.o.lencr.org/	unknown	binary	503 b	unknown
2832	firefox.exe	POST	200	184.24.77.61:80	http://r3.o.lencr.org/	unknown	binary	503 b	unknown
2832	firefox.exe	POST	200	18.245.65.219:80	http://ocsp.r2m02.amazontrust.com/	unknown	binary	471 b	unknown
2832	firefox.exe	POST	200	216.58.212.131:80	http://ocsp.pki.goog/gts1c3	unknown	binary	471 b	unknown
2832	firefox.exe	POST	200	192.229.221.95:80	http://ocsp.digicert.com/	unknown	binary	471 b	unknown
2832	firefox.exe	POST	200	216.58.212.131:80	http://ocsp.pki.goog/gts1c3	unknown	binary	472 b	unknown
2832	firefox.exe	POST	200	216.58.212.131:80	http://ocsp.pki.goog/gts1c3	unknown	binary	472 b	unknown
2832	firefox.exe	POST	200	184.24.77.61:80	http://r3.o.lencr.org/	unknown	binary	503 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
2832	firefox.exe	217.198.191.102:443	www.wps.com	ZEN-ECN	SG	unknown
1956	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
2832	firefox.exe	34.107.221.82:80	detectportal.firefox.com	GOOGLE	US	whitelisted
2832	firefox.exe	34.117.237.239:443	contile.services.mozilla.com	GOOGLE-CLOUD-PLATFORM	US	unknown
2832	firefox.exe	44.216.137.107:443	spocs.getpocket.com	AMAZON-AES	US	unknown
2832	firefox.exe	184.24.77.61:80	r3.o.lencr.org	Akamai International B.V.	DE	unknown
2832	firefox.exe	34.160.144.191:443	content-signature-2.cdn.mozilla.net	GOOGLE	US	unknown

DNS requests

Domain	IP	Reputation
detectportal.firefox.com	34.107.221.82	whitelisted
www.wps.com	217.198.191.102 217.198.191.115 217.198.191.116 217.198.191.121 217.198.191.94	unknown
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82 2600:1901:0:38d7::	whitelisted
sz-special-overseas.volcgtm.com	217.198.191.102 217.198.191.115 217.198.191.116 217.198.191.121 217.198.191.94	unknown
example.org	93.184.216.34	whitelisted
ipv4only.arpa	192.0.0.171 192.0.0.170	whitelisted
contile.services.mozilla.com	34.117.237.239	whitelisted
spocs.getpocket.com	44.216.137.107 34.204.4.120 34.233.191.125 54.81.250.249	shared
ocsp.dcocsp.cn	163.181.56.211 163.181.56.212 163.181.56.213 163.181.56.214 163.181.56.215 163.181.56.216 163.181.56.209 163.181.56.210	whitelisted
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com	44.216.137.107 34.204.4.120 34.233.191.125 54.81.250.249	shared

Threats

No threats detected

Add for printing

Process	Message
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	[kscreen] isElide:0 switchRec:0 switchRecElide:1
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_BrandAreaWidget", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_customizeSettingsWidget", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_customizeSettingsWidget", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_customizeSettingsWidget", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_customizeSettingsWidget", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_customizeSettingsWidget", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_customizeSettingsWidget", which already has a layout
09db699b58b0ad591392bc08cea3cab3-13_setup_XA_mui_Free.exe.600.1021.exe	QLayout: Attempting to add QLayout "" to QWidget "m_customizeSettingsWidget", which already has a layout

General Info

https://www.wps.com/blog/es-microsoft-office-crack-download-free/

D26E6B5326256827ED5297B4DE996426

0E2DAD04BB9E25EC909DA5C6F9891B18EF349C29

82EED146C4B3C6A1C8A5BFD91C0F87450E9A6C38A00C63AD17B64E428B68D884

3:N8DSLh2crbhRuuH0XvOskDQv:2OL/bhRuuH0XWuv

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Drops known malicious document

SUSPICIOUS

Reads the Internet Settings

Checks Windows Trust Settings

Reads settings of System Certificates

Reads security settings of Internet Explorer

Process drops legitimate windows executable

The process drops C-runtime libraries

Write to the desktop.ini file (may be used to cloak folders)

INFO

Checks supported languages

Reads the computer name

The process uses the downloaded file

Application launched itself

Checks proxy server information

Reads the machine GUID from the registry

Drops the executable file immediately after the start

Create files in a temporary directory

Creates files or folders in the user directory

Process checks computer location settings

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings