File name: Firefox Installer.exe

Full analysis: https://app.any.run/tasks/553a65b7-5437-4cea-b056-be00743947ea
Verdict: Malicious activity
Analysis date: January 08, 2025, 16:13:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx, arch-scr
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 04C3E1B7EB4DD63317EB54B3E5089675
SHA1: 0BE38E5D8C5268F0A297A351650B7EAE11B9255F
SHA256: 8F25D5220EE8E2305575FCA71A6D229F1EF2FD7E5CA5780D7E899BFF4AEC4219
SSDEEP: 12288:sSvvp2jRWmtab28hx/vKv2D9irEEcwyvawvS5SggO0t5vkg:sSHp2jQmAS0x/vKvs9eERfSwvX1Nt5vF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • setup.exe (PID: 4228)
  • SUSPICIOUS

    • Reads Internet Explorer settings

      • setup-stub.exe (PID: 3680)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • setup-stub.exe (PID: 3680)
      • setup-stub.exe (PID: 4160)
      • setup.exe (PID: 4228)
      • maintenanceservice_installer.exe (PID: 2452)
    • Executable content was dropped or overwritten

      • Firefox Installer.exe (PID: 1828)
      • setup-stub.exe (PID: 4160)
      • download.exe (PID: 2212)
      • setup.exe (PID: 4228)
      • maintenanceservice_tmp.exe (PID: 4576)
      • maintenanceservice_installer.exe (PID: 2452)
      • setup-stub.exe (PID: 3680)
    • Application launched itself

      • setup-stub.exe (PID: 4160)
    • The process drops Mozilla's DLL files

      • download.exe (PID: 2212)
      • setup.exe (PID: 4228)
    • The process drops C-runtime libraries

      • download.exe (PID: 2212)
      • setup.exe (PID: 4228)
    • Process drops legitimate windows executable

      • download.exe (PID: 2212)
      • setup.exe (PID: 4228)
    • Loads DLL from Mozilla Firefox

      • regsvr32.exe (PID: 4512)
      • default-browser-agent.exe (PID: 2088)
    • Reads security settings of Internet Explorer

      • setup-stub.exe (PID: 4160)
      • setup-stub.exe (PID: 3680)
  • INFO

    • The sample compiled with english language support

      • Firefox Installer.exe (PID: 1828)
      • download.exe (PID: 2212)
      • setup.exe (PID: 4228)
      • maintenanceservice_installer.exe (PID: 2452)
      • firefox.exe (PID: 6496)
    • Reads the computer name

      • Firefox Installer.exe (PID: 1828)
      • setup-stub.exe (PID: 3680)
      • setup-stub.exe (PID: 4160)
    • UPX packer has been detected

      • Firefox Installer.exe (PID: 1828)
    • Process checks computer location settings

      • setup-stub.exe (PID: 4160)
    • Checks supported languages

      • setup-stub.exe (PID: 3680)
      • setup-stub.exe (PID: 4160)
      • Firefox Installer.exe (PID: 1828)
    • Create files in a temporary directory

      • Firefox Installer.exe (PID: 1828)
    • Process checks whether UAC notifications are on

      • setup-stub.exe (PID: 4160)
    • Checks proxy server information

      • setup-stub.exe (PID: 3680)
    • Creates files or folders in the user directory

      • setup-stub.exe (PID: 3680)
    • Application launched itself

      • firefox.exe (PID: 6296)
      • firefox.exe (PID: 3576)
      • firefox.exe (PID: 6476)
      • firefox.exe (PID: 6496)
      • firefox.exe (PID: 6476)
      • firefox.exe (PID: 2756)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 6496)
    • Manual execution by a user

      • firefox.exe (PID: 6476)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (64.2)
.dll | Win32 Dynamic Link Library (generic) (15.6)
.exe | Win32 Executable (generic) (10.6)
.exe | Generic Win/DOS Executable (4.7)
.exe | DOS Executable Generic (4.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:08:30 22:18:33+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 69632
InitializedDataSize: 65536
UninitializedDataSize: 147456
EntryPoint: 0x34fa0
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 18.5.0.0
ProductVersionNumber: 18.5.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Mozilla
FileDescription: Firefox
FileVersion: 18.05
InternalName: 7zS.sfx
LegalCopyright: Mozilla
OriginalFileName: 7zS.sfx.exe
ProductName: Firefox
ProductVersion: 18.05
Total processes: 157
Monitored processes: 29
Malicious processes: 4
Suspicious processes: 1

Behavior graph

[Behavior graph. Processes shown: Firefox Installer.exe, setup-stub.exe (two instances), download.exe, setup.exe, regsvr32.exe, maintenanceservice_installer.exe, maintenanceservice_tmp.exe, default-browser-agent.exe, and multiple firefox.exe processes.]

Process information

PID | CMD | Path | Indicators | Parent process

PID: 1828
CMD: "C:\Users\admin\AppData\Local\Temp\Firefox Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Firefox Installer.exe
Parent process: explorer.exe
User: admin
Company: Mozilla
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 18.05
Modules
Images
c:\users\admin\appdata\local\temp\firefox installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 2088
CMD: "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Parent process: setup.exe
User: admin
Company: Mozilla Foundation
Integrity Level: HIGH
Exit code: 0
Version: 134.0
Modules
Images
c:\program files\mozilla firefox\default-browser-agent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

PID: 2212
CMD: "C:\Users\admin\AppData\Local\Temp\nse613F.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\admin\AppData\Local\Temp\nse613F.tmp\config.ini
Path: C:\Users\admin\AppData\Local\Temp\nse613F.tmp\download.exe
Parent process: setup-stub.exe
User: admin
Company: Mozilla
Integrity Level: HIGH
Description: Firefox
Exit code: 0
Version: 18.05
Modules
Images
c:\users\admin\appdata\local\temp\nse613f.tmp\download.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 2452
CMD: "C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
Path: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
Parent process: setup.exe
User: admin
Company: Mozilla Corporation
Integrity Level: HIGH
Description: Mozilla Maintenance Service Installer
Exit code: 0
Version: 134.0
Modules
Images
c:\program files\mozilla firefox\maintenanceservice_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 2756
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 134.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

PID: 3576
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: default-browser-agent.exe
User: admin
Company: Mozilla Corporation
Integrity Level: HIGH
Description: Firefox
Exit code: 0
Version: 134.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll

PID: 3680
CMD: "C:\Users\admin\AppData\Local\Temp\7zS4271B603\setup-stub.exe" /UAC:702C8 /NCRC
Path: C:\Users\admin\AppData\Local\Temp\7zS4271B603\setup-stub.exe
Parent process: setup-stub.exe
User: admin
Company: Mozilla Corporation
Integrity Level: HIGH
Description: Firefox Installer
Exit code: 0
Version: 134.0
Modules
Images
c:\users\admin\appdata\local\temp\7zs4271b603\setup-stub.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 3840
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4652 -prefsLen 27596 -prefMapHandle 4456 -prefMapSize 265037 -jsInitHandle 4452 -jsInitLen 254356 -parentBuildID 20241230151726 -ipcHandle 4444 -initialChannelId {24c5f2e8-773c-485b-9e67-84b1a7723d8c} -parentPid 6496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 134.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll

PID: 3848
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20241230151726 -prefsHandle 2148 -prefsLen 23417 -prefMapHandle 2152 -prefMapSize 265037 -ipcHandle 2104 -initialChannelId {195b95c6-439a-4c49-8bb4-ae92740f7a4f} -parentPid 2756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 134.0

PID: 4160
CMD: .\setup-stub.exe
Path: C:\Users\admin\AppData\Local\Temp\7zS4271B603\setup-stub.exe
Parent process: Firefox Installer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox Installer
Exit code: 0
Version: 134.0
Modules
Images
c:\users\admin\appdata\local\temp\7zs4271b603\setup-stub.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

Total events: 20 142
Read events: 20 046
Write events: 66
Delete events: 30

Modification events

Process: setup-stub.exe (PID: 3680)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs
Operation: write
Name: C:\Program Files\Mozilla Firefox
Value: 308046B0AF4A39CB

Process: setup-stub.exe (PID: 3680)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: setup-stub.exe (PID: 3680)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: setup-stub.exe (PID: 3680)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: setup-stub.exe (PID: 3680)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFavoritesInitialSelection
Value:

Process: setup-stub.exe (PID: 3680)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFeedsInitialSelection
Value:

Process: setup.exe (PID: 4228)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs
Operation: write
Name: C:\Program Files\Mozilla Firefox
Value: 308046B0AF4A39CB

Process: setup.exe (PID: 4228)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB
Operation: write
Name: FriendlyTypeName
Value: Firefox HTML Document

Process: setup.exe (PID: 4228)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec
Operation: delete key
Name: (default)
Value:

Process: setup.exe (PID: 4228)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB
Operation: write
Name: FriendlyTypeName
Value: Firefox PDF Document

Executable files: 95
Suspicious files: 270
Text files: 144
Unknown types: 4

Dropped files

PID | Process | Filename | Type
1828 | Firefox Installer.exe | C:\Users\admin\AppData\Local\Temp\7zS4271B603\setup-stub.exe | executable
MD5:B44A3FEDE966DA14608E93A8A7C70D78
SHA256:5E0B4F742552B62595615D79EC44A85A58782C4A4294D520376B0C9A24724168
3680 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nse613F.tmp\System.dll | executable
MD5:B361682FA5E6A1906E754CFA08AA8D90
SHA256:B711C4F17690421C9DC8DDB9ED5A9DDC539B3A28F11E19C851E25DCFC7701C04
3680 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nse613F.tmp\CityHash.dll | executable
MD5:2021ACC65FA998DAA98131E20C4605BE
SHA256:C299A0A71BF57EB241868158B4FCFE839D15D5BA607E1BDC5499FDF67B334A14
3680 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nse613F.tmp\stub_common.css | text
MD5:544B51F11AD19DF720669478D28F129D
SHA256:4D9495B6F0E18331659993B79440E414A6E607FCDAEACBC7477E0683CC0FA98B
1828 | Firefox Installer.exe | C:\Users\admin\AppData\Local\Temp\7zS4271B603\postSigningData | text
MD5:DE228A6CFD36EC7D11445447A52C09F5
SHA256:50DEF86F44839E6FBEF8624DD5AA801F73DBC4B2064843850BECCBA8B8E5D6A3
4160 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nsx5C8C.tmp\UAC.dll | executable
MD5:D23B256E9C12FE37D984BAE5017C5F8C
SHA256:EC6A56D981892BF251DF1439BEA425A5F6C7E1C7312D44BEDD5E2957F270338C
3680 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nse613F.tmp\UserInfo.dll | executable
MD5:610AD03DEC634768CD91C7ED79672D67
SHA256:C6C413108539F141BEA3F679E0E2EF705898C51EC7C2607F478A865FC5E2E2DF
3680 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nse613F.tmp\bgstub.jpg | image
MD5:C55F15CEEDC724D6C6E15D1DAF96B698
SHA256:4B7E441D51B790EE1C0BAFF19E4E968392A937877DFA8B84E74464F5BA7A4CF4
3680 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nse613F.tmp\installing_page.css | text
MD5:6582E207592B60A995B4510CF959EB03
SHA256:43C38801C1746880625F97EEE3FE37FE94D1300ADF812BFE26E47B094B87523B
3680 | setup-stub.exe | C:\Users\admin\AppData\Local\Temp\nse613F.tmp\WebBrowser.dll | executable
MD5:B53CD4AD8562A11F3F7C7890A09DF27A
SHA256:281A0DC8B4F644334C2283897963B20DF88FA9FD32ACCA98ED2856B23318E6EC
HTTP(S) requests: 45
TCP/UDP connections: 90
DNS requests: 105
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5864
svchost.exe
GET
200
2.16.164.113:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5864
svchost.exe
GET
200
23.209.210.103:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3680
setup-stub.exe
GET
200
18.66.145.213:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D
unknown
3680
setup-stub.exe
GET
200
2.16.202.121:80
http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgO%2BA6ENR5cTe4xwD%2FhhTCYdJQ%3D%3D
unknown
whitelisted
3680
setup-stub.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAMS6Jl19zCc5X6GAIL92CA%3D
unknown
whitelisted
3680
setup-stub.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D
unknown
whitelisted
3680
setup-stub.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
3680
setup-stub.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAEkCvseOAuKFvFLcZ3008A%3D
unknown
whitelisted
3680
setup-stub.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAc3sNDc3KuNeNL0DLEi%2BT8%3D
unknown
whitelisted
3680
setup-stub.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5864
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2452
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3680
setup-stub.exe
18.245.86.112:443
product-details.mozilla.org
US
shared
3680
setup-stub.exe
18.66.145.213:80
ocsp.rootca1.amazontrust.com
AMAZON-02
US
shared
5864
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5864
svchost.exe
2.16.164.113:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5864
svchost.exe
23.209.210.103:80
www.microsoft.com
PT. Telekomunikasi Selular
ID
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 51.124.78.146
whitelisted
google.com
  • 142.250.184.206
whitelisted
product-details.mozilla.org
  • 18.245.86.112
  • 18.245.86.36
  • 18.245.86.113
  • 18.245.86.56
shared
ocsp.rootca1.amazontrust.com
  • 18.66.145.213
shared
crl.microsoft.com
  • 2.16.164.113
  • 2.16.164.112
whitelisted
www.microsoft.com
  • 23.209.210.103
  • 184.30.21.171
whitelisted
download.mozilla.org
  • 18.213.206.215
  • 184.73.132.217
  • 52.4.52.198
unknown
ocsp.digicert.com
  • 192.229.221.95
whitelisted
download-installer.cdn.mozilla.net
  • 34.117.35.28
whitelisted
x1.c.lencr.org
  • 23.209.209.135
whitelisted

Threats

No threats detected
No debug info