URL:

https://www.mediafire.com/file/pi1l15j22yez7kj/ZaynPack.rar/file

Full analysis: https://app.any.run/tasks/7f4d2648-6a7d-4471-992b-6b3fae65406c
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: September 08, 2024, 13:15:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
discordgrabber
generic
Indicators:
MD5:

B7A01F0BD589A0E01A017310011AB817

SHA1:

76AA4DADD49098C635BDDE9AAE2C25CC5ABC43B7

SHA256:

9C358E8119D13C0CC56CA08F97F82EDECC7D6A350A21053EBAF0F05340C5F912

SSDEEP:

3:N8DSLw3eGUo1BR6OPKJ1EUA:2OLw3eGVlyJJA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • ZaynPack.exe (PID: 2008)

    • DISCORDGRABBER has been detected (YARA)

      • ZaynPack.exe (PID: 2008)

    • Create files in the Startup directory

      • ZaynPack.exe (PID: 2008)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 8092)
      • ZaynPack Setup 1.0.0.exe (PID: 6724)

    • Creates a software uninstall entry

      • ZaynPack Setup 1.0.0.exe (PID: 6724)

    • The process creates files with name similar to system file names

      • ZaynPack Setup 1.0.0.exe (PID: 6724)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • ZaynPack Setup 1.0.0.exe (PID: 6724)

    • Drops 7-zip archiver for unpacking

      • ZaynPack Setup 1.0.0.exe (PID: 6724)

    • Process drops legitimate windows executable

      • ZaynPack Setup 1.0.0.exe (PID: 6724)

    • Executable content was dropped or overwritten

      • ZaynPack Setup 1.0.0.exe (PID: 6724)
      • ZaynPack.exe (PID: 2008)

    • Starts CMD.EXE for commands execution

      • ZaynPack.exe (PID: 2008)
      • hexonsadwqjfqwfqwsajdowqifjqk.exe (PID: 6340)

    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 6052)

    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 6200)

    • Get information on the list of running processes

      • ZaynPack.exe (PID: 2008)
      • cmd.exe (PID: 8080)
      • cmd.exe (PID: 8068)
      • cmd.exe (PID: 8104)
      • cmd.exe (PID: 7724)
      • cmd.exe (PID: 7492)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 8016)
      • cmd.exe (PID: 7192)
      • cmd.exe (PID: 4132)
      • cmd.exe (PID: 3672)

    • Application launched itself

      • ZaynPack.exe (PID: 2008)

    • Uses TASKKILL.EXE to kill Browsers

      • cmd.exe (PID: 7824)

    • The process executes VB scripts

      • cmd.exe (PID: 2248)

    • Runs shell command (SCRIPT)

      • cscript.exe (PID: 6772)

    • Connects to unusual port

      • hexonsadwqjfqwfqwsajdowqifjqk.exe (PID: 6340)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 4444)
      • firefox.exe (PID: 6176)
      • firefox.exe (PID: 6004)
      • firefox.exe (PID: 6552)

    • Manual execution by a user

      • ZaynPack.exe (PID: 2008)
      • WinRAR.exe (PID: 8092)
      • cmd.exe (PID: 6868)
      • firefox.exe (PID: 6552)

    • Create files in a temporary directory

      • ZaynPack Setup 1.0.0.exe (PID: 6724)
      • ZaynPack.exe (PID: 2008)
      • hexonsadwqjfqwfqwsajdowqifjqk.exe (PID: 6340)

    • Reads the computer name

      • ZaynPack Setup 1.0.0.exe (PID: 6724)
      • ZaynPack.exe (PID: 2008)
      • ZaynPack.exe (PID: 7036)
      • ZaynPack.exe (PID: 3244)

    • Checks supported languages

      • ZaynPack.exe (PID: 2008)
      • ZaynPack.exe (PID: 7036)
      • ZaynPack Setup 1.0.0.exe (PID: 6724)
      • ZaynPack.exe (PID: 3244)
      • strings2.exe (PID: 6780)
      • hexonsadwqjfqwfqwsajdowqifjqk.exe (PID: 6340)

    • Creates files or folders in the user directory

      • ZaynPack Setup 1.0.0.exe (PID: 6724)
      • ZaynPack.exe (PID: 2008)

    • Reads product name

      • ZaynPack.exe (PID: 2008)
      • hexonsadwqjfqwfqwsajdowqifjqk.exe (PID: 6340)

    • Reads Environment values

      • ZaynPack.exe (PID: 2008)
      • hexonsadwqjfqwfqwsajdowqifjqk.exe (PID: 6340)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6200)
      • cscript.exe (PID: 6772)

    • Process checks computer location settings

      • ZaynPack.exe (PID: 2008)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 4444)
      • firefox.exe (PID: 6004)

    • The process uses the downloaded file

      • firefox.exe (PID: 4444)
      • WinRAR.exe (PID: 8092)
      • cscript.exe (PID: 6772)

    • Checks proxy server information

      • ZaynPack.exe (PID: 2008)
      • slui.exe (PID: 7248)

    • Reads the machine GUID from the registry

      • ZaynPack.exe (PID: 2008)

    • Reads the software policy settings

      • slui.exe (PID: 1404)
      • slui.exe (PID: 7248)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
226
Monitored processes
94
Malicious processes
4
Suspicious processes
2

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs svchost.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs rundll32.exe no specs sppextcomobj.exe no specs slui.exe winrar.exe no specs zaynpack setup 1.0.0.exe #DISCORDGRABBER zaynpack.exe cmd.exe no specs conhost.exe no specs wmic.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs taskkill.exe no specs taskkill.exe no specs tasklist.exe no specs taskkill.exe no specs tasklist.exe no specs taskkill.exe no specs zaynpack.exe no specs zaynpack.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs where.exe no specs cmd.exe no specs conhost.exe no specs where.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs conhost.exe no specs strings2.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs slui.exe cmd.exe no specs conhost.exe no specs cscript.exe no specs hexonsadwqjfqwfqwsajdowqifjqk.exe conhost.exe no specs cmd.exe no specs reg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
400tasklistC:\Windows\System32\tasklist.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
508"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7596 -childID 10 -isForBrowser -prefsHandle 5344 -prefMapHandle 5888 -prefsLen 31161 -prefMapSize 244343 -jsInitHandle 1284 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12a28921-4ecd-41ea-b3aa-331775f05a96} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 1cce661dbd0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
964C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
964\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
964\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1124"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4388 -childID 2 -isForBrowser -prefsHandle 4428 -prefMapHandle 4424 -prefsLen 36263 -prefMapSize 244343 -jsInitHandle 1284 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de3af604-d623-4b0c-ac92-816d4032338a} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 1cce3c6c850 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
1
Version:
123.0
1168taskkill /IM Growtopia.exe /FC:\Windows\System32\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1404"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1656"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1800 -parentBuildID 20240213221259 -prefsHandle 1460 -prefMapHandle 1524 -prefsLen 30537 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60ee1051-4bac-4ae9-afa8-8f1dd82c5634} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 1ccdcec3a10 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1776\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
32 955
Read events
32 934
Write events
21
Delete events
0

Modification events

(PID) Process:(4444) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(8092) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(8092) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Downloads\ZaynPack.rar
(PID) Process:(8092) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(8092) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(8092) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(8092) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6724) ZaynPack Setup 1.0.0.exeKey:HKEY_CURRENT_USER\SOFTWARE\378c5483-7805-5d1c-9328-84ef7f4f64ec
Operation:writeName:InstallLocation
Value:
C:\Users\admin\AppData\Local\Programs\unitygame-setup
(PID) Process:(6724) ZaynPack Setup 1.0.0.exeKey:HKEY_CURRENT_USER\SOFTWARE\378c5483-7805-5d1c-9328-84ef7f4f64ec
Operation:writeName:KeepShortcuts
Value:
true
(PID) Process:(6724) ZaynPack Setup 1.0.0.exeKey:HKEY_CURRENT_USER\SOFTWARE\378c5483-7805-5d1c-9328-84ef7f4f64ec
Operation:writeName:ShortcutName
Value:
ZaynPack
Executable files
29
Suspicious files
458
Text files
56
Unknown types
3

Dropped files

PID
Process
Filename
Type
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.binbinary
MD5:70FFD9D7136D878B071F900BB88FF7F2
SHA256:4A846F5E1858A55E794A82717812A95D5D8098138B5649520022A5686317F095
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.jstext
MD5:8AF3538A933853586C86FD3C1E5C216F
SHA256:6DC843964E856D39691CCF6F4F5D37150A5D445554056F2A990784832C5BBE13
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.bindbf
MD5:3B156E12141F8CBCE9D60CDCE2077617
SHA256:E6287E44B44ABEA20E1B2E3F415D22B9E5E5FBBC155AD9DADBABA63951B2AF6F
4444firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
312
TCP/UDP connections
391
DNS requests
463
Threats
23

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
200
142.250.184.195:80
http://o.pki.goog/wr2
unknown
unknown
POST
142.250.184.195:80
http://o.pki.goog/s/wr3/XjA
unknown
unknown
POST
200
142.250.184.195:80
http://o.pki.goog/wr2
unknown
unknown
POST
200
142.250.184.195:80
http://o.pki.goog/wr2
unknown
unknown
POST
200
142.250.184.195:80
http://o.pki.goog/wr2
unknown
unknown
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
POST
200
95.101.54.107:80
http://r10.o.lencr.org/
unknown
unknown
POST
200
142.250.184.195:80
http://o.pki.goog/wr2
unknown
unknown
POST
200
95.101.54.107:80
http://r10.o.lencr.org/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4760
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
6260
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
104.17.150.117:443
www.mediafire.com
CLOUDFLARENET
shared
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
172.217.16.202:443
safebrowsing.googleapis.com
GOOGLE
US
whitelisted
34.117.188.166:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
34.149.100.209:443
firefox.settings.services.mozilla.com
GOOGLE
US
whitelisted
34.107.243.93:443
push.services.mozilla.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
  • 51.104.136.2
  • 20.106.86.13
whitelisted
google.com
  • 142.250.186.78
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
www.mediafire.com
  • 104.17.150.117
  • 104.17.151.117
shared
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.171
  • 192.0.0.170
whitelisted
spocs.getpocket.com
  • 34.117.188.166
whitelisted
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
2256
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
2256
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
2256
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
2256
svchost.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
2256
svchost.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
2256
svchost.exe
Potentially Bad Traffic
ET DNS Query to a *.pw domain - Likely Hostile
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.mediafire.com/file/pi1l15j22yez7kj/ZaynPack.rar/file