URL: https://deltaexploits.net/

Full analysis: https://app.any.run/tasks/e50b3fb7-3a09-426a-a6a3-b0d3fd19e564
Verdict: Malicious activity
Analysis date: November 09, 2023, 22:19:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1: 0DB9C0EF5D3B797E817AA92A32F4CFE73F77880A
SHA256: B7A81B44E9CAC8104B015C23338659BE50A8A7F4CC884DF92F2B926073B5E0C8
SSDEEP: 3:N8YLjKM+oK:2YfXPK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • OperaGX.exe (PID: 2144)
    • Actions look like stealing of personal data

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
  • SUSPICIOUS

    • Reads the Internet Settings

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • setup56845301.exe (PID: 2976)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
      • Delta.exe (PID: 3104)
    • Reads settings of System Certificates

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
    • Reads security settings of Internet Explorer

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • saBSI.exe (PID: 4084)
    • Checks Windows Trust Settings

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • saBSI.exe (PID: 4084)
    • Process drops legitimate windows executable

      • setup56845301.exe (PID: 860)
    • The process drops C-runtime libraries

      • setup56845301.exe (PID: 860)
    • Reads the Windows owner or organization settings

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
    • Searches for installed software

      • setup56845301.exe (PID: 860)
    • Adds/modifies Windows certificates

      • firefox.exe (PID: 3440)
      • Delta V3.61 b_56845301.exe (PID: 2824)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 1208)
    • Starts CMD.EXE for commands execution

      • setup56845301.exe (PID: 860)
    • Get information on the list of running processes

      • cmd.exe (PID: 1208)
    • Start notepad (likely ransomware note)

      • Delta V3.61 b_56845301.exe (PID: 2824)
    • Executing commands from a ".bat" file

      • setup56845301.exe (PID: 860)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 3440)
      • firefox.exe (PID: 3384)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2788)
      • WinRAR.exe (PID: 908)
    • Checks supported languages

      • wmpnscfg.exe (PID: 2788)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • setup56845301.exe (PID: 2976)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
      • OperaGX.exe (PID: 2144)
      • Delta.exe (PID: 3104)
    • Reads the computer name

      • wmpnscfg.exe (PID: 2788)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • setup56845301.exe (PID: 2976)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
      • Delta.exe (PID: 3104)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 2788)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • setup56845301.exe (PID: 2976)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
      • Delta.exe (PID: 3104)
    • Checks proxy server information

      • Delta V3.61 b_56845301.exe (PID: 2824)
    • Drops the executable file immediately after the start

      • firefox.exe (PID: 3440)
      • WinRAR.exe (PID: 908)
    • The process uses the downloaded file

      • firefox.exe (PID: 3440)
      • WinRAR.exe (PID: 908)
    • Creates files or folders in the user directory

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
      • OperaGX.exe (PID: 2144)
    • Create files in a temporary directory

      • setup56845301.exe (PID: 860)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • OfferInstaller.exe (PID: 2028)
      • setup56845301.exe (PID: 2976)
      • OperaGX.exe (PID: 2144)
    • Reads product name

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
    • Reads Environment values

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
    • Creates files in the program directory

      • saBSI.exe (PID: 4084)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 87
Monitored processes: 43
Malicious processes: 7
Suspicious processes: 0

Behavior graph

Processes shown in the graph (start order): firefox.exe, wmpnscfg.exe, delta v3.61 b_56845301.exe, setup56845301.exe, offerinstaller.exe, cmd.exe, tasklist.exe, find.exe, timeout.exe, notepad.exe, sabsi.exe, operagx.exe, winrar.exe, delta.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 328
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.21.1248302356\2053721234" -parentBuildID 20230710165010 -prefsHandle 8028 -prefMapHandle 8072 -prefsLen 36709 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57bd68ea-3f37-4dde-bbdb-d6c1fd2fa916} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 7424 266fc4a0 rdd
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 368
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.8.884406070\1127313635" -childID 7 -isForBrowser -prefsHandle 3872 -prefMapHandle 3860 -prefsLen 29366 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdd04ddc-3fe8-4b92-9844-730debdba071} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3836 11063b20 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 552
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.9.718528948\1671023" -childID 8 -isForBrowser -prefsHandle 4260 -prefMapHandle 3900 -prefsLen 31122 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {057e8c2b-722d-4437-9a92-340d9f544efa} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3896 1ec26f70 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 600
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.4.1118286297\364994268" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 3752 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3102558-0da7-4de9-8a47-6857de6d66ec} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3768 11063b20 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 788
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.6.1604879352\1793879515" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3892 -prefsLen 34336 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e613813-96db-46c6-84ea-4681ba10b3ac} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 4132 20b36b20 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 860
CMD: C:\Users\admin\AppData\Local\setup56845301.exe hhwnd=459158 hreturntoinstaller hextras=id:d1f26bd5f9aa134-DE-KA1rz
Path: C:\Users\admin\AppData\Local\setup56845301.exe
Parent process: Delta V3.61 b_56845301.exe
User:
admin
Company:
DT001
Integrity Level:
HIGH
Description:
Software Installation
Exit code:
0
Version:
1.0.0.0
Modules (images):
c:\users\admin\appdata\local\setup56845301.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 908
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Delta V3.61.zip"
Path: C:\program files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1032
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.5.1593157347\682773603" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {baa10832-0b57-459b-a593-69e520e8d4e7} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3900 20b36110 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1208
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\H2OCleanup.bat""
Path: C:\Windows\System32\cmd.exe
Parent process: setup56845301.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1344
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.19.396879320\1681284274" -childID 18 -isForBrowser -prefsHandle 7608 -prefMapHandle 7620 -prefsLen 31324 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92e840c6-a6cf-4391-a005-fc43eb9b1186} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 7632 2330fe00 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
Total events: 59 798
Read events: 59 549
Write events: 246
Delete events: 3

Modification events

Process: (3384) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value: 2166C0A101000000

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value: 044CC1A101000000

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value: 0

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value: 1

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value: 1

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableTelemetry
Value: 1

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value: 0

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|SetDefaultBrowserUserChoice
Value: 1

Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|AppLastRunTime
Value: D14E5F3C23B0D901
Executable files: 33
Suspicious files: 284
Text files: 70
Unknown types: 0

Dropped files

PID
Process
Filename
Type
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm | binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm | binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm | binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js | text
MD5:60E0DE9E05EC76C749D80F0D15A81B21
SHA256:08252FA62CCCCD316474E20CC7317A6B5C932B2C972234318E8CCDA39EC2EF48
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db | binary
MD5:CA4789911F929CD87174C7889FF964BC
SHA256:E56CC1075817109BEB52E066AEFFEA69616B0508CF7D9CCCA9E66714DEED99DC
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm | binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json | binary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm | binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite | (type not recorded)
MD5: (not recorded)
SHA256: (not recorded)
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js | text
MD5:60E0DE9E05EC76C749D80F0D15A81B21
SHA256:08252FA62CCCCD316474E20CC7317A6B5C932B2C972234318E8CCDA39EC2EF48
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 59
TCP/UDP connections: 232
DNS requests: 379
Threats: 8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3440 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | text | 90 b
3440 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | binary | 471 b
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b
3440 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | text | 8 b
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b
3440 | firefox.exe | POST | 200 | 18.173.227.201:80 | http://ocsp.r2m02.amazontrust.com/ | unknown | binary | 471 b
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b
3440 | firefox.exe | POST | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b
3440 | firefox.exe | POST | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 471 b

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1080 | svchost.exe | 224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:138 | unknown
4 | System | 192.168.100.255:137 | unknown
3440 | firefox.exe | 172.67.211.218:443 | deltaexploits.net | unknown
3440 | firefox.exe | 18.173.227.201:80 | ocsp.r2m02.amazontrust.com | US | unknown
3440 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | unknown
3440 | firefox.exe | 172.217.16.202:443 | safebrowsing.googleapis.com | GOOGLE | US | unknown
3440 | firefox.exe | 34.117.237.239:443 | contile.services.mozilla.com | GOOGLE-CLOUD-PLATFORM | US | unknown
3440 | firefox.exe | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | GOOGLE | US | unknown
3440 | firefox.exe | 34.205.223.217:443 | spocs.getpocket.com | AMAZON-AES | US | unknown

DNS requests

Domain
IP
Reputation
deltaexploits.net
  • 172.67.211.218
  • 104.21.67.36
  • 2606:4700:3036::6815:4324
  • 2606:4700:3034::ac43:d3da
unknown
detectportal.firefox.com
  • 34.107.221.82
unknown
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
unknown
contile.services.mozilla.com
  • 34.117.237.239
unknown
example.org
  • 93.184.216.34
unknown
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
unknown
spocs.getpocket.com
  • 34.205.223.217
  • 3.214.21.201
  • 34.233.246.195
  • 18.235.78.81
unknown
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com
  • 18.235.78.81
  • 3.214.21.201
  • 34.233.246.195
  • 34.205.223.217
unknown
firefox.settings.services.mozilla.com
  • 34.149.100.209
unknown
r3.o.lencr.org
unknown

Threats

PID
Process
Class
Message
Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
7 ETPRO signatures available at the full report
Process | Message
setup56845301.exe | Error: File not found - sciterwrapper:console.tis
setup56845301.exe | (empty message)
setup56845301.exe | at sciter:init-script.tis
setup56845301.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
setup56845301.exe | (empty message)
setup56845301.exe | at sciter:init-script.tis
setup56845301.exe | Error: File not found - sciterwrapper:console.tis
setup56845301.exe | (empty message)
setup56845301.exe | (empty message)
setup56845301.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'