URL:

https://www.youtubedownloaderhd.com/

Full analysis: https://app.any.run/tasks/c96ab6b5-a78a-46cd-ac35-e272360dcd1c
Verdict: Malicious activity
Analysis date: May 17, 2025, 09:19:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
generic
arch-exec
inno
installer
delphi
arch-scr
arch-html
Indicators:
MD5:

9F160DFECD616AAFFF3A09656E1AF61A

SHA1:

F8B83D5D831F0712D92327B5BC391712FF7B8241

SHA256:

A00BF754CA820DC473A41BDFF36193B4F7E1E7F7658B44DEC6A3FDEFCEA34873

SSDEEP:

3:N8DSLU7JodXN9GG:2OLU7kT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • GENERIC has been found (auto)

      • firefox.exe (PID: 4880)
      • WinRAR.exe (PID: 8632)
      • firefox.exe (PID: 4880)

    • Executing a file with an untrusted certificate

      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe (PID: 1012)
      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe (PID: 5020)
      • PreLoader.exe (PID: 864)
      • Conflict of Nations.exe (PID: 4880)
      • Conflict of Nations.exe (PID: 3124)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe (PID: 1012)
      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe (PID: 5020)
      • 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe (PID: 8928)
      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.tmp (PID: 3024)

    • There is functionality for taking screenshot (YARA)

      • 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe (PID: 8928)

    • Process drops legitimate windows executable

      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.tmp (PID: 3024)
      • 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe (PID: 8928)

    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 8716)

  • INFO

    • The sample compiled with english language support

      • firefox.exe (PID: 4880)
      • 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe (PID: 8928)
      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.tmp (PID: 3024)

    • Manual execution by a user

      • WinRAR.exe (PID: 8632)
      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe (PID: 1012)
      • 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe (PID: 7720)
      • 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe (PID: 8928)
      • msedge.exe (PID: 3968)
      • Conflict of Nations.exe (PID: 3124)
      • Conflict of Nations.exe (PID: 4880)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 8632)

    • Application launched itself

      • firefox.exe (PID: 4880)
      • msedge.exe (PID: 8920)
      • firefox.exe (PID: 2384)
      • msedge.exe (PID: 8204)
      • msedge.exe (PID: 3968)
      • msedge.exe (PID: 2504)

    • Detects InnoSetup installer (YARA)

      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe (PID: 1012)
      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.tmp (PID: 6752)

    • Compiled with Borland Delphi (YARA)

      • 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.tmp (PID: 6752)
      • PreLoader.exe (PID: 864)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
246
Monitored processes
105
Malicious processes
6
Suspicious processes
4

Behavior graph

Click at the process to see the details
start firefox.exe no specs #GENERIC firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs sppextcomobj.exe no specs slui.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs slui.exe firefox.exe no specs rundll32.exe no specs #GENERIC winrar.exe 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.tmp no specs 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe 5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.tmp msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe no specs 6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe conflict of nations.exe no specs conflict of nations.exe preloader.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs game.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs explorer.exe no specs explorer.exe no specs weather.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
444"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5180 --field-trial-handle=2368,i,14143508838203548847,18223649142183578340,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
456"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffc89985fd8,0x7ffc89985fe4,0x7ffc89985ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
540"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1632 --field-trial-handle=2368,i,14143508838203548847,18223649142183578340,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
668"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffc89985fd8,0x7ffc89985fe4,0x7ffc89985ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
732\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exegame.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
864"C:\Program Files (x86)\MyPlayCity.com\Conflict of Nations\PreLoader.exe" C:\Program Files (x86)\MyPlayCity.com\Conflict of Nations\PreLoader.exe
Conflict of Nations.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
3.3.0.0
Modules
Images
c:\program files (x86)\myplaycity.com\conflict of nations\preloader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
920"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2524 --field-trial-handle=2368,i,14143508838203548847,18223649142183578340,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
960"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5244 --field-trial-handle=2380,i,9424620002101480962,870379316998678452,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1012"C:\Users\admin\Desktop\5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe" C:\Users\admin\Desktop\5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe
explorer.exe
User:
admin
Company:
MyPlayCity, Inc.
Integrity Level:
MEDIUM
Description:
Conflict of Nations Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\5b22a6de59b33db22c854b036c372419d3e67c337361bc642c10f9362845d60b.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1660"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5564 --field-trial-handle=2380,i,9424620002101480962,870379316998678452,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
35 832
Read events
35 708
Write events
109
Delete events
15

Modification events

(PID) Process:(4880) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:15
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:14
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:13
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:12
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:11
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:10
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:9
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:8
Value:
(PID) Process:(8632) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:7
Value:
Executable files
55
Suspicious files
1 919
Text files
341
Unknown types
0

Dropped files

PID
Process
Filename
Type
4880firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.db-journalbinary
MD5:7FF1370E8754EC194618A1C1640ABCD6
SHA256:329D5C3E0A97825A4D6EC968A17ED4DFE8E260AC9FD7888426BC4E4BE03FBD2D
4880firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-child-current.binbinary
MD5:C95DDC2B1A525D1A243E4C294DA2F326
SHA256:3A5919E086BFB31E36110CF636D2D5109EB51F2C410B107F126126AB25D67363
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.dbbinary
MD5:651D9092BF42C933CDE9D506A5B1ADF7
SHA256:DE054FDEB9A94ADD3D2BE4B0D14506B7BDBCAC596A416A155AF555C404CF2011
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.binbinary
MD5:4006DDC2918B16C7EF5516C58373842B
SHA256:269EA23B77EDE0874628BD8611BCC5A3E87E0C44CA8A821C0D028B929D4F468F
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\protections.sqlite-journalbinary
MD5:CD5FB6BCC2E84E2FFA859A22A908A926
SHA256:816F797A306C9D239F073981B51BFD515770ED508F8348377242049C537735AB
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
4880firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
228
TCP/UDP connections
183
DNS requests
280
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4880
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
4880
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
4880
firefox.exe
POST
200
2.22.242.122:80
http://r10.o.lencr.org/
unknown
whitelisted
4880
firefox.exe
POST
200
2.16.168.113:80
http://r11.o.lencr.org/
unknown
whitelisted
4880
firefox.exe
POST
200
2.16.168.113:80
http://r11.o.lencr.org/
unknown
whitelisted
4880
firefox.exe
POST
200
216.58.206.67:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
4880
firefox.exe
POST
200
2.22.242.122:80
http://r10.o.lencr.org/
unknown
whitelisted
4880
firefox.exe
POST
200
2.22.242.122:80
http://r10.o.lencr.org/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
4880
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
4880
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
4880
firefox.exe
34.107.152.202:443
firefox-settings-attachments.cdn.mozilla.net
GOOGLE
US
whitelisted
4880
firefox.exe
216.58.206.67:80
o.pki.goog
GOOGLE
US
whitelisted
4880
firefox.exe
216.58.206.74:443
safebrowsing.googleapis.com
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 23.35.229.160
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
www.youtubedownloaderhd.com
  • 138.201.226.176
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 23.215.0.133
  • 96.7.128.192
  • 23.215.0.132
  • 96.7.128.186
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8144
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8144
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
8928
6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
8928
6fe1c83ad9f915cf4c82895f8f795a45f71c4513924edb83bf4d8b2ef53f7698.exe
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloud Application Platform (.herokuapp .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloud Application Platform (.herokuapp .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.youtubedownloaderhd.com/