Malware analysis http://www.vstmenia.com/iobit-software-updater-pro-crack/ Malicious activity

Add for printing

URL:	http://www.vstmenia.com/iobit-software-updater-pro-crack/
Full analysis:	https://app.any.run/tasks/b6c57a1f-9500-45b1-859d-39878a68507e
Verdict:	Malicious activity
Analysis date:	April 30, 2023, 14:33:36
OS:	Windows 11 Professional (build: 22000, 64 bit)
Indicators:
MD5:	315E001F010A0E23362382DF6E7CE06F
SHA1:	6470F19E3F0CFBDDA3E07F7632ED2ABE32C435C3
SHA256:	B04578C1DDE4084EC3E07E17D39BC322C4411867765DBC251859B9A36C643CA7
SSDEEP:	3:N1KJS4auALoZYcVy3K7l:Cc4aPLo6cVy6R

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.1.22000.0
Adobe Acrobat (64-bit) (22.003.20314)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (69.123.49202)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java 8 Update 351 (64-bit) (8.0.3510.10)
Java Auto Updater (2.8.351.10)
Microsoft Edge (111.0.1661.62)
Microsoft Edge Update (1.3.173.51)
Microsoft Edge WebView2 Runtime (103.0.1264.77)
Microsoft Office Ev ve İş 2021 - tr-tr (16.0.15601.20142)
Microsoft Office Famille et Petite Entreprise 2021 - fr-fr (16.0.15601.20142)
Microsoft Office Hogar y Empresas 2021 - es-es (16.0.15601.20142)
Microsoft Office Home and Business 2021 - de-de (16.0.15601.20142)
Microsoft Office Home and Business 2021 - en-us (16.0.15601.20142)
Microsoft Office Home and Business 2021 - it-it (16.0.15601.20142)
Microsoft Office Home and Business 2021 - ja-jp (16.0.15601.20142)
Microsoft Office Home and Business 2021 - pt-br (16.0.15601.20142)
Microsoft Office Home 및 Business 2021 - ko-kr (16.0.15601.20142)
Microsoft Office для дома и бизнеса 2021 - ru-ru (16.0.15601.20142)
Microsoft OneDrive (22.077.0410.0007)
Microsoft Update Health Tools (4.67.0.0)
Mozilla Firefox (x64 en-US) (111.0.1)
Mozilla Maintenance Service (111.0.1)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15601.20064)
Office 16 Click-to-Run Licensing Component (16.0.15601.20142)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Office 16 Click-to-Run Localization Component (16.0.15601.20064)
Opera 12.15 (12.15.1748)
VLC media player (3.0.11)
VLC media player 3.0.17 (64-bit) (3.0.17.0)
WinRAR 5.91 (64-bit) (5.91.0)

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
- Application launched itself
  - firefox.exe (PID: 3760)
  - firefox.exe (PID: 2360)
- Create files in a temporary directory
  - firefox.exe (PID: 2360)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

141

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

700

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.1.1601615930\904823396" -parentBuildID 20230321111920 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 22972 -prefMapSize 236587 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec6ab9a3-4e74-41a9-ba7f-e3ffdddc2220} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 2228 231656e2258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

2360

"C:\Program Files\Mozilla Firefox\firefox.exe" http://www.vstmenia.com/iobit-software-updater-pro-crack/

C:\Program Files\Mozilla Firefox\firefox.exe

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

3760

"C:\Program Files\Mozilla Firefox\firefox.exe" "http://www.vstmenia.com/iobit-software-updater-pro-crack/"

C:\Program Files\Mozilla Firefox\firefox.exe

—

explorer.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\msvcp140.dll

4524

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.2.9670793\1276992244" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3064 -prefsLen 21754 -prefMapSize 236587 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f65253a0-4a0d-44ad-8666-641ad4144abc} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 3088 2316b522358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

6284

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.0.2011272930\254264761" -parentBuildID 20230321111920 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 22972 -prefMapSize 236587 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40c3f7b8-17e7-496a-8eaf-a0c1b81a06fd} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 1788 23164f98758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll

6384

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.12.1370847282\1833117104" -childID 9 -isForBrowser -prefsHandle 8784 -prefMapHandle 9128 -prefsLen 26804 -prefMapSize 236587 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3621d92f-7fbd-40df-bfec-3b8880229334} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 8588 2315887c158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

6836

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.4.619873992\103239382" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3644 -prefsLen 21977 -prefMapSize 236587 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8927541-84c3-4273-89bc-665374d46825} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 3696 2316c016358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

6924

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.3.1172110051\35436440" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 24142 -prefMapSize 236587 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd2e86ea-55e9-4f89-af22-9d2bca2bd5b1} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 3436 2316b705c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll

7408

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.11.1380134896\1449726946" -childID 8 -isForBrowser -prefsHandle 8268 -prefMapHandle 8272 -prefsLen 26723 -prefMapSize 236587 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33fd6843-b37a-4991-be74-083c8991c8d0} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 9320 231728be758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

7436

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2360.13.517335707\464286637" -childID 10 -isForBrowser -prefsHandle 5376 -prefMapHandle 5276 -prefsLen 26928 -prefMapSize 236587 -jsInitHandle 1424 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5c47983-1176-46ed-ab42-bf9fe2acce47} 2360 "\\.\pipe\gecko-crash-server-pipe.2360" 3708 2316dd8d458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Exit code:

Version:

111.0.1

Modules

Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll

Add for printing

Total events

22 786

Read events

22 744

Write events

Delete events

Modification events


(PID) Process:	(3760) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:	delete value	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Launcher
Value: BBE1C37401000000
(PID) Process:	(3760) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:	delete value	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Browser
Value: 96E9C47401000000
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Progress
Value: 1
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Progress
Value: 0
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Telemetry
Value: 1
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe\|Theme
Value: 1
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\|DisableTelemetry
Value: 0
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\|DisableDefaultBrowserAgent
Value: 0
(PID) Process:	(2360) firefox.exe	Key:	HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\|SetDefaultBrowserUserChoice
Value: 1

Add for printing

Executable files

Suspicious files

564

Text files

134

Unknown types

Dropped files

PID	Process	Filename		Type
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20230321111920		text
		MD5:9595DA0B17A7F143A4DA9A8BF63C9B1B	SHA256:281AC6644B4602CE3DD2DFEC51AF01D9C2F4AEF99ED0DAE07831523DC29BE594
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\compatibility.ini		text
		MD5:DEBA18A64D02347AC44475F260DA8294	SHA256:31CC635079DBD141E22E7A5ABF23B339B8FE923258FDBEFACE9511CFA809142C
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\sessionCheckpoints.json.tmp		binary
		MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A	SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\prefs.js		text
		MD5:558AE4E68C85157FE682CD6CA3FBD5EF	SHA256:9EC33F6C4C3317426207A1C1557D7C989A04C0E17293B295693C1FFF750F02D2
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\sessionCheckpoints.json		binary
		MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A	SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\extensions.json.tmp		text
		MD5:FBEADD857445C3D00C258396149D75E8	SHA256:ADD813AF5E305BC9DB1214165B37C1806DDD96C91B63140F687503BFE41AE05D
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\cookies.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite		binary
		MD5:B7E8A7B765A8D3796639FB49C7891BF7	SHA256:EE3FE2CDA725BE41F90B7B3EE434BDF322D51866EB4A97D5B68FB446808673C4
2360	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8o2qovza.default-release\prefs-1.js		text
		MD5:558AE4E68C85157FE682CD6CA3FBD5EF	SHA256:9EC33F6C4C3317426207A1C1557D7C989A04C0E17293B295693C1FFF750F02D2

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

125

DNS requests

147

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
4000	svchost.exe	GET	304	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8e555dfb3f8a59e6	US	—	—	whitelisted
2360	firefox.exe	POST	200	2.16.241.15:80	http://r3.o.lencr.org/	unknown	binary	503 b	shared
2360	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/success.txt?ipv4	US	text	8 b	whitelisted
2360	firefox.exe	GET	200	68.178.247.250:80	http://www.vstmenia.com/iobit-software-updater-pro-crack/	US	html	15.7 Kb	suspicious
2360	firefox.exe	POST	200	2.16.241.15:80	http://r3.o.lencr.org/	unknown	binary	503 b	shared
2360	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/canonical.html	US	text	90 b	whitelisted
4000	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	US	der	471 b	whitelisted
2360	firefox.exe	POST	200	2.16.241.15:80	http://r3.o.lencr.org/	unknown	binary	503 b	shared
2360	firefox.exe	GET	200	68.178.247.250:80	http://www.vstmenia.com/wp-content/fonts/6c03258347cd08d9a022dbcf33977603.css?ver=20201110	US	text	771 b	suspicious
2360	firefox.exe	GET	200	68.178.247.250:80	http://www.vstmenia.com/wp-content/plugins/click-to-top/assets/js/jquery.easing.js?ver=1.0	US	text	1.94 Kb	suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2164	svchost.exe	2.19.229.151:443	fs.microsoft.com	AKAMAI-AS	FR	suspicious
2360	firefox.exe	34.107.221.82:80	detectportal.firefox.com	GOOGLE	US	whitelisted
2360	firefox.exe	34.117.237.239:443	contile.services.mozilla.com	GOOGLE-CLOUD-PLATFORM	US	suspicious
2360	firefox.exe	35.241.9.150:443	firefox.settings.services.mozilla.com	GOOGLE	US	suspicious
2360	firefox.exe	50.16.121.128:443	spocs.getpocket.com	AMAZON-AES	US	unknown
2360	firefox.exe	68.178.247.250:80	www.vstmenia.com	GO-DADDY-COM-LLC	US	suspicious
2360	firefox.exe	2.16.241.15:80	r3.o.lencr.org	Akamai International B.V.	DE	suspicious
4000	svchost.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
2360	firefox.exe	104.22.71.197:443	static.addtoany.com	CLOUDFLARENET	—	suspicious
2360	firefox.exe	34.120.115.102:443	contile-images.services.mozilla.com	GOOGLE-CLOUD-PLATFORM	US	unknown

DNS requests

Domain	IP	Reputation
fs.microsoft.com	2.19.229.151	whitelisted
www.vstmenia.com	68.178.247.250	unknown
detectportal.firefox.com	34.107.221.82	whitelisted
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82 2600:1901:0:38d7::	whitelisted
contile.services.mozilla.com	34.117.237.239	whitelisted
spocs.getpocket.com	50.16.121.128 44.193.185.134 52.86.6.162 52.72.185.134 18.235.192.16 67.202.4.228 3.210.193.78 52.202.76.145	shared
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com	52.202.76.145 3.210.193.78 67.202.4.228 18.235.192.16 52.72.185.134 52.86.6.162 44.193.185.134 50.16.121.128	shared
firefox.settings.services.mozilla.com	35.241.9.150	whitelisted
vstmenia.com	68.178.247.250	unknown
r3.o.lencr.org	2.16.241.15 2.16.241.12	shared

Threats

PID	Process	Class	Message
—	—	Misc activity	ET INFO Microsoft Connection Test

Add for printing

No debug info

General Info

http://www.vstmenia.com/iobit-software-updater-pro-crack/

315E001F010A0E23362382DF6E7CE06F

6470F19E3F0CFBDDA3E07F7632ED2ABE32C435C3

B04578C1DDE4084EC3E07E17D39BC322C4411867765DBC251859B9A36C643CA7

3:N1KJS4auALoZYcVy3K7l:Cc4aPLo6cVy6R

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Application launched itself

Create files in a temporary directory

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings