URL:

https://download.oracle.com/java/17/archive/jdk-17.0.11_windows-x64_bin.exe

Full analysis: https://app.any.run/tasks/859420a9-3ef8-49a3-9182-4f1ca8dac8c3
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: August 24, 2024, 00:27:01
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
discord
Indicators:
MD5:

00FC8C2009B5C25A4CB71745C161A2B1

SHA1:

40EB622A44FA84222BEB9B4CB4A25C66026A216C

SHA256:

89B15CB686C3986E2EBCFE6484B7D0B55966A1525DDA0859B3654B6E2455DFCB

SSDEEP:

3:N8SEl8JAZ/S7XGNMTRUYLo/1KtdA:2SK8JAiGNS+/AtdA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • java.exe (PID: 7684)
      • java.exe (PID: 7660)

  • SUSPICIOUS

    • Checks for Java to be installed

      • jdk-17.0.11_windows-x64_bin.exe (PID: 2572)
      • msiexec.exe (PID: 6112)
      • msiexec.exe (PID: 7404)
      • msiexec.exe (PID: 448)
      • msiexec.exe (PID: 7812)

    • Executes as Windows Service

      • VSSVC.exe (PID: 6548)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 448)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 448)

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 448)
      • msiexec.exe (PID: 7812)
      • java.exe (PID: 7684)
      • java.exe (PID: 7660)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 7812)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 7812)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7812)

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 7812)

    • Executable content was dropped or overwritten

      • java.exe (PID: 7684)
      • java.exe (PID: 7660)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 6648)
      • firefox.exe (PID: 6600)
      • msiexec.exe (PID: 448)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 6648)
      • msiexec.exe (PID: 7008)
      • msiexec.exe (PID: 448)
      • msiexec.exe (PID: 7812)

    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 6648)
      • msiexec.exe (PID: 7812)

    • Create files in a temporary directory

      • jdk-17.0.11_windows-x64_bin.exe (PID: 236)
      • msiexec.exe (PID: 6112)
      • java.exe (PID: 5552)
      • java.exe (PID: 7684)
      • java.exe (PID: 7660)

    • Checks supported languages

      • jdk-17.0.11_windows-x64_bin.exe (PID: 236)
      • jdk-17.0.11_windows-x64_bin.exe (PID: 2572)
      • msiexec.exe (PID: 448)
      • msiexec.exe (PID: 7404)
      • msiexec.exe (PID: 6112)
      • java.exe (PID: 7684)
      • java.exe (PID: 5552)
      • msiexec.exe (PID: 7812)
      • java.exe (PID: 7712)
      • java.exe (PID: 7660)

    • Reads the computer name

      • jdk-17.0.11_windows-x64_bin.exe (PID: 236)
      • jdk-17.0.11_windows-x64_bin.exe (PID: 2572)
      • msiexec.exe (PID: 448)
      • msiexec.exe (PID: 6112)
      • msiexec.exe (PID: 7404)
      • java.exe (PID: 7684)
      • msiexec.exe (PID: 7812)
      • java.exe (PID: 7660)

    • Creates files or folders in the user directory

      • jdk-17.0.11_windows-x64_bin.exe (PID: 2572)
      • msiexec.exe (PID: 7008)
      • java.exe (PID: 7684)

    • Creates files in the program directory

      • jdk-17.0.11_windows-x64_bin.exe (PID: 2572)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 7008)

    • Reads the software policy settings

      • msiexec.exe (PID: 7008)
      • msiexec.exe (PID: 448)

    • Checks proxy server information

      • msiexec.exe (PID: 7008)

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 448)
      • java.exe (PID: 5552)
      • java.exe (PID: 7684)
      • java.exe (PID: 7712)
      • java.exe (PID: 7660)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 448)

    • Manual execution by a user

      • cmd.exe (PID: 7440)

    • Reads CPU info

      • java.exe (PID: 7684)
      • java.exe (PID: 7660)

    • Process checks computer location settings

      • java.exe (PID: 7684)
      • java.exe (PID: 7660)

    • Attempting to use instant messaging service

      • java.exe (PID: 7684)
      • java.exe (PID: 7660)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
169
Monitored processes
31
Malicious processes
2
Suspicious processes
2

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs jdk-17.0.11_windows-x64_bin.exe no specs jdk-17.0.11_windows-x64_bin.exe jdk-17.0.11_windows-x64_bin.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs firefox.exe no specs firefox.exe no specs msiexec.exe rundll32.exe no specs cmd.exe no specs conhost.exe no specs java.exe no specs java.exe java.exe no specs java.exe

Process information

PID
CMD
Path
Indicators
Parent process
236"C:\Users\admin\Downloads\jdk-17.0.11_windows-x64_bin.exe" C:\Users\admin\Downloads\jdk-17.0.11_windows-x64_bin.exe
firefox.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
HIGH
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
17.0.11.0
Modules
Images
c:\users\admin\downloads\jdk-17.0.11_windows-x64_bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
448C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1608\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2572"C:\Users\admin\AppData\Local\Temp\jds1273453.tmp\jdk-17.0.11_windows-x64_bin.exe"C:\Users\admin\AppData\Local\Temp\jds1273453.tmp\jdk-17.0.11_windows-x64_bin.exejdk-17.0.11_windows-x64_bin.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
HIGH
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
17.0.11.0
Modules
Images
c:\users\admin\appdata\local\temp\jds1273453.tmp\jdk-17.0.11_windows-x64_bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
3104"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5500 -prefsLen 31108 -prefMapSize 244343 -jsInitHandle 1312 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be873062-561a-4b01-a9a8-45cad094181f} 6648 "\\.\pipe\gecko-crash-server-pipe.6648" 27d33875f50 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
5072"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7188 -childID 7 -isForBrowser -prefsHandle 7184 -prefMapHandle 7180 -prefsLen 32132 -prefMapSize 244343 -jsInitHandle 1312 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d45d52-d2f3-43e3-aeb9-210fd96d267c} 6648 "\\.\pipe\gecko-crash-server-pipe.6648" 27d2d587f50 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
5248"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4744 -childID 3 -isForBrowser -prefsHandle 5280 -prefMapHandle 4952 -prefsLen 31108 -prefMapSize 244343 -jsInitHandle 1312 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b569b885-200e-4413-9f3e-909bebe4c834} 6648 "\\.\pipe\gecko-crash-server-pipe.6648" 27d31256d90 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
5552java -jar stealer.jarC:\Program Files\Common Files\Oracle\Java\javapath_target_1320140\java.execmd.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
17.0.11.0
Modules
Images
c:\program files\common files\oracle\java\javapath_target_1320140\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
6112C:\Windows\System32\MsiExec.exe -Embedding F11BB5AF55BFA0519409E586A9EF9D86 CC:\Windows\System32\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
6156"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 31108 -prefMapSize 244343 -jsInitHandle 1312 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55ffee19-16ce-4929-90bf-832179c0989f} 6648 "\\.\pipe\gecko-crash-server-pipe.6648" 27d31256f50 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
35 248
Read events
34 826
Write events
394
Delete events
28

Modification events

(PID) Process:(6600) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
92237EF900000000
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
245B80F900000000
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Progress
Value:
0
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Progress
Value:
1
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Installer\308046B0AF4A39CB
Operation:delete valueName:installer.taskbarpin.win10.enabled
Value:
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
0
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value:
1
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value:
1
(PID) Process:(6648) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableTelemetry
Value:
1
Executable files
170
Suspicious files
324
Text files
262
Unknown types
3

Dropped files

PID
Process
Filename
Type
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.jstext
MD5:7A97B8DBC4F98D175F958C00F463A52A
SHA256:92074D2ED1AA1FD621287E35DB9EF1AE3DC04777EFAE5F09E7A3B4534C201548
6648firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.jstext
MD5:7A97B8DBC4F98D175F958C00F463A52A
SHA256:92074D2ED1AA1FD621287E35DB9EF1AE3DC04777EFAE5F09E7A3B4534C201548
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmpdbf
MD5:C78F36BF78A74A5C37232FA18305FA6E
SHA256:319C730AC6614FDCE611894E281CBE1B5E1A304DCD812D6B642D3BE978E82EEC
6648firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.bindbf
MD5:C78F36BF78A74A5C37232FA18305FA6E
SHA256:319C730AC6614FDCE611894E281CBE1B5E1A304DCD812D6B642D3BE978E82EEC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
39
TCP/UDP connections
114
DNS requests
144
Threats
21

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6648
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
6648
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
6648
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
unknown
6648
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
unknown
6648
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
unknown
6648
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
unknown
6648
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
unknown
6648
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
unknown
6648
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/wr2
unknown
unknown
6648
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
5504
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6648
firefox.exe
23.32.100.101:443
download.oracle.com
AKAMAI-AS
SE
unknown
6648
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
6648
firefox.exe
34.117.188.166:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
unknown
6648
firefox.exe
184.24.77.54:80
r11.o.lencr.org
Akamai International B.V.
DE
unknown
6648
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
unknown
6648
firefox.exe
34.149.100.209:443
firefox.settings.services.mozilla.com
GOOGLE
US
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
download.oracle.com
  • 23.32.100.101
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
e2875.d.akamaiedge.net
  • 23.32.100.101
unknown
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.171
  • 192.0.0.170
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
whitelisted
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown

Threats

PID
Process
Class
Message
2256
svchost.exe
Misc activity
ET INFO File Sharing Related Domain in DNS Lookup (mega .nz)
6648
firefox.exe
Misc activity
ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
2256
svchost.exe
Misc activity
ET INFO File Sharing Related Domain in DNS Lookup (mega .nz)
2256
svchost.exe
Misc activity
ET INFO File Sharing Related Domain in DNS Lookup (mega .nz)
6648
firefox.exe
Misc activity
ET INFO File Sharing Domain Observed in TLS SNI (mega .nz)
2256
svchost.exe
Misc activity
ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)
2256
svchost.exe
Misc activity
ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)
2256
svchost.exe
Misc activity
ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)
2256
svchost.exe
Misc activity
ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)
2256
svchost.exe
Misc activity
ET INFO Observed DNS Query to Filesharing Service (mega .co .nz)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://download.oracle.com/java/17/archive/jdk-17.0.11_windows-x64_bin.exe