File name:

simple_tab_groups-5.2.xpi

Full analysis: https://app.any.run/tasks/781c5272-0bf1-4ff1-9e9d-af2087c6f633
Verdict: Malicious activity
Analysis date: November 22, 2024, 13:30:38
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-scr
arch-html
java
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

9A19F5E0A4BE22A5A25021CB4AAA534F

SHA1:

30D55C6E9937FA23B3DD7F3D03B989E1421FFACB

SHA256:

B56F30CEA753A9C4D1C0E078C0E5E635F1885EA7E40305CEE59B9E145FAD0A6C

SSDEEP:

24576:sLEhCvNL4iV0b3PvnCXWyvOQLi7BVBPyr9/Bm2cdu4LzF3m5O2nuaHM/j7pktkzf:sLEh0NLXV0b3PvnCXWyvOQLi7BVBPyre

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • javaw.exe (PID: 2632)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application based on Java

      • javaw.exe (PID: 2632)

    • Reads the computer name

      • javaw.exe (PID: 2632)

    • Checks supported languages

      • javaw.exe (PID: 2632)

    • Application launched itself

      • firefox.exe (PID: 3932)
      • firefox.exe (PID: 6928)
      • firefox.exe (PID: 2524)
      • firefox.exe (PID: 5380)

    • Manual execution by a user

      • firefox.exe (PID: 3932)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 2524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.jar | Java Archive (54.7)
.xpi | Mozilla Firefox browser extension (30.1)
.zip | ZIP compressed archive (15)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0008
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0x29a6ced1
ZipCompressedSize: 1049
ZipUncompressedSize: 4020
ZipFileName: manifest.json
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
156
Monitored processes
31
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start javaw.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs textinputhost.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1876"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -childID 5 -isForBrowser -prefsHandle 4816 -prefMapHandle 2756 -prefsLen 29027 -prefMapSize 240426 -jsInitHandle 1316 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a527888a-7d9e-4877-a356-182eb5879559} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 2061b340150 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2456"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4972 -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 3732 -prefsLen 28985 -prefMapSize 240426 -jsInitHandle 1316 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5634975-481f-445c-a277-0d000f3c416e} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 20622d68d90 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2524"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2632"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar C:\Users\admin\AppData\Local\Temp\simple_tab_groups-5.2.xpi.jarC:\Program Files\Java\jre1.8.0_271\bin\javaw.exeexplorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
3032"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5240 -prefsLen 29027 -prefMapSize 240426 -jsInitHandle 1316 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45719bb8-087e-4db7-b553-2c8246335327} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 2061b3404d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
3932"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
4208"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2152 -parentBuildID 20240213221259 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 31031 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32aaadb2-162c-4dc4-a93b-9a525e933014} 5380 "\\.\pipe\gecko-crash-server-pipe.5380" 1662da82710 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
4540"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240213221259 -prefsHandle 2012 -prefMapHandle 2008 -prefsLen 19989 -prefMapSize 240426 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b3d59d0-5101-4e45-8221-80cb62c3fa93} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 2060cd85710 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
5372"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -childID 1 -isForBrowser -prefsHandle 2104 -prefMapHandle 3088 -prefsLen 21575 -prefMapSize 240426 -jsInitHandle 1316 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53ae4839-ca67-47d7-b58c-8368cecb8356} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" 2061cc82690 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
5380"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
33 424
Read events
33 422
Write events
2
Delete events
0

Modification events

(PID) Process:(5380) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(2524) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
Executable files
4
Suspicious files
474
Text files
90
Unknown types
14

Dropped files

PID
Process
Filename
Type
5380firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
5380firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.binbinary
MD5:140BB7142820F9BF619BFF454EEADA6B
SHA256:D22625106F4ADAA33DE47F0E9ADB0A549158FC9A38FB825C2D680ACABC7CC0A8
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.dbsqlite
MD5:1D22F6839A105C044087E30859895D5C
SHA256:F174E2F191F612E494C94DC696E3C6D610683E0F909CA9CCB36F891E14301333
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
5380firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
543
TCP/UDP connections
280
DNS requests
422
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5380
firefox.exe
POST
200
2.16.241.15:80
http://r10.o.lencr.org/
unknown
whitelisted
5380
firefox.exe
POST
200
142.250.185.163:80
http://o.pki.goog/wr2
unknown
whitelisted
5380
firefox.exe
POST
200
95.101.54.131:80
http://r11.o.lencr.org/
unknown
whitelisted
5380
firefox.exe
POST
200
95.101.54.131:80
http://r11.o.lencr.org/
unknown
whitelisted
GET
200
23.48.23.140:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.140:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4932
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.140:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.140:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3976
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
  • 40.127.240.158
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.140
  • 23.48.23.193
  • 23.48.23.139
  • 23.48.23.150
  • 23.48.23.146
  • 23.48.23.137
  • 23.48.23.194
  • 23.48.23.147
  • 23.48.23.138
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.bing.com
  • 2.19.96.75
  • 2.19.96.96
  • 2.19.96.74
  • 2.19.96.81
  • 2.19.96.80
  • 2.19.96.90
  • 2.19.96.88
  • 2.19.96.89
  • 2.19.96.83
  • 92.123.104.19
  • 92.123.104.14
  • 92.123.104.20
  • 92.123.104.11
  • 92.123.104.15
  • 92.123.104.9
  • 92.123.104.16
  • 92.123.104.12
  • 92.123.104.10
  • 2.23.209.144
  • 2.23.209.177
  • 2.23.209.150
  • 2.23.209.154
  • 2.23.209.156
  • 2.23.209.176
  • 2.23.209.149
  • 2.23.209.158
  • 2.23.209.160
  • 92.123.104.17
  • 92.123.104.18
  • 92.123.104.41
  • 92.123.104.38
  • 92.123.104.37
  • 92.123.104.46
  • 92.123.104.39
  • 92.123.104.40
  • 92.123.104.43
  • 92.123.104.36
  • 92.123.104.45
  • 92.123.104.63
  • 92.123.104.4
  • 92.123.104.5
  • 92.123.104.58
  • 92.123.104.62
  • 92.123.104.65
  • 92.123.104.67
  • 92.123.104.66
  • 92.123.104.59
  • 92.123.104.28
  • 92.123.104.24
  • 92.123.104.21
  • 92.123.104.27
  • 92.123.104.7
  • 92.123.104.61
  • 92.123.104.51
  • 92.123.104.42
  • 92.123.104.47
  • 92.123.104.32
  • 92.123.104.35
  • 92.123.104.33
  • 92.123.104.34
  • 92.123.104.30
  • 2.23.209.173
  • 2.23.209.175
  • 2.23.209.181
  • 2.23.209.179
  • 2.23.209.182
  • 2.23.209.171
  • 2.23.209.183
  • 2.23.209.189
  • 2.23.209.185
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.72
  • 40.126.32.138
  • 20.190.160.20
  • 20.190.160.14
  • 20.190.160.22
  • 40.126.32.68
  • 40.126.32.76
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 23.213.166.81
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
simple_tab_groups-5.2.xpi