URL:

http://107.174.234.46

Full analysis: https://app.any.run/tasks/cf6a9980-df8b-46c9-b615-243d8dfac512
Verdict: Malicious activity
Analysis date: April 23, 2019, 12:39:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

71720938EE321348E74763B25E646CA2

SHA1:

7024F481D694D9B2B553A02615D92A99F057E435

SHA256:

9886B2C21516888612474DE4C49EFCE8A4B3AF60BDB94AA1816A7C6652A1127E

SSDEEP:

3:N1Kt4RgTn:COyT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 3904)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 3904)

    • Creates files in the user directory

      • firefox.exe (PID: 3904)

    • Reads CPU info

      • firefox.exe (PID: 3904)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
5
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe

Process information

PID
CMD
Path
Indicators
Parent process
296"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.13.2021894296\1181266863" -childID 2 -isForBrowser -prefsHandle 2512 -prefMapHandle 2516 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 2528 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2532"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.0.1901447722\1602548640" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 1120 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
2888"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.6.49765167\59818464" -childID 1 -isForBrowser -prefsHandle 1504 -prefMapHandle 1528 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 1728 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3176"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.20.2055023791\826340314" -childID 3 -isForBrowser -prefsHandle 3260 -prefMapHandle 3348 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 3340 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3904"C:\Program Files\Mozilla Firefox\firefox.exe" http://107.174.234.46C:\Program Files\Mozilla Firefox\firefox.exe
explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
Total events
576
Read events
574
Write events
2
Delete events
0

Modification events

(PID) Process:(3904) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3904) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
Executable files
1
Suspicious files
115
Text files
47
Unknown types
76

Dropped files

PID
Process
Filename
Type
3904firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash23482
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.binbinary
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F036AD506C4350670A86CBDF4BF8E129680824C1der
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\58967CE720D3E32D7F1E8D6585FBCC6F7CA3CED0html
MD5:
SHA256:
3904firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.psetcdxl
MD5:076933FF9904D1110D896E2C525E39E5
SHA256:4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
65
DNS requests
119
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3904
firefox.exe
GET
107.174.234.46:80
http://107.174.234.46/favicon.ico
US
unknown
3904
firefox.exe
GET
200
107.174.234.46:80
http://107.174.234.46/
US
html
195 b
unknown
3904
firefox.exe
POST
200
2.21.242.245:80
http://ocsp.int-x3.letsencrypt.org/
NL
der
527 b
whitelisted
3904
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3904
firefox.exe
POST
200
172.217.23.163:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3904
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3904
firefox.exe
POST
200
2.21.242.245:80
http://ocsp.int-x3.letsencrypt.org/
NL
der
527 b
whitelisted
3904
firefox.exe
POST
200
172.217.23.163:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3904
firefox.exe
POST
200
172.217.23.163:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3904
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3904
firefox.exe
107.174.234.46:80
ColoCrossing
US
unknown
3904
firefox.exe
34.208.143.106:443
tiles.services.mozilla.com
Amazon.com, Inc.
US
unknown
3904
firefox.exe
143.204.205.62:443
snippets.cdn.mozilla.net
US
unknown
3904
firefox.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3904
firefox.exe
23.227.38.64:443
www.pioneerhousehold.store
Shopify, Inc.
CA
malicious
3904
firefox.exe
2.16.106.209:80
detectportal.firefox.com
Akamai International B.V.
whitelisted
3904
firefox.exe
151.101.0.104:443
cdn.shopify.com
Fastly
US
unknown
3904
firefox.exe
172.217.23.163:80
ocsp.pki.goog
Google Inc.
US
whitelisted
3904
firefox.exe
34.224.36.137:443
salespopbyevm.herokuapp.com
Amazon.com, Inc.
US
unknown
3904
firefox.exe
104.25.9.32:443
sdk.beeketing.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 2.16.106.209
  • 2.16.106.152
whitelisted
search.services.mozilla.com
  • 52.10.42.204
  • 54.200.51.65
  • 52.27.229.90
whitelisted
search.r53-2.services.mozilla.com
  • 52.27.229.90
  • 54.200.51.65
  • 52.10.42.204
whitelisted
tiles.services.mozilla.com
  • 34.208.143.106
  • 54.149.115.79
  • 52.42.232.148
  • 52.43.40.243
  • 52.43.91.152
  • 34.214.69.153
  • 52.88.59.160
  • 54.186.163.246
whitelisted
tiles.r53-2.services.mozilla.com
  • 54.186.163.246
  • 52.88.59.160
  • 34.214.69.153
  • 52.43.91.152
  • 52.43.40.243
  • 52.42.232.148
  • 54.149.115.79
  • 34.208.143.106
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
snippets.cdn.mozilla.net
  • 143.204.205.62
whitelisted
cs9.wac.phicdn.net
  • 93.184.220.29
whitelisted
drcwo519tnci7.cloudfront.net
  • 143.204.205.62
shared
www.pioneerhousehold.store
  • 23.227.38.64
malicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://107.174.234.46