URL: https://deltaexploits.net/

Full analysis: https://app.any.run/tasks/e50b3fb7-3a09-426a-a6a3-b0d3fd19e564
Verdict: Malicious activity
Analysis date: November 09, 2023, 22:19:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1: 0DB9C0EF5D3B797E817AA92A32F4CFE73F77880A
SHA256: B7A81B44E9CAC8104B015C23338659BE50A8A7F4CC884DF92F2B926073B5E0C8
SSDEEP: 3:N8YLjKM+oK:2YfXPK

Note: an ssdeep block size of 3 means the hashed object is only a few bytes long, i.e. these are hashes of the submitted URL task object, not of the archive (Delta V3.61.zip) or the executables dropped during the run. Do not use them as file indicators for the sample; the dropped-file hashes are listed separately below and in the full report.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • OperaGX.exe (PID: 2144)
    • Actions looks like stealing of personal data

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
    • Reads security settings of Internet Explorer

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • saBSI.exe (PID: 4084)
    • Reads the Internet Settings

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • setup56845301.exe (PID: 2976)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
      • Delta.exe (PID: 3104)
    • Checks Windows Trust Settings

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • saBSI.exe (PID: 4084)
    • Process drops legitimate windows executable

      • setup56845301.exe (PID: 860)
    • The process drops C-runtime libraries

      • setup56845301.exe (PID: 860)
    • Reads the Windows owner or organization settings

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
    • Searches for installed software

      • setup56845301.exe (PID: 860)
    • Adds/modifies Windows certificates

      • firefox.exe (PID: 3440)
      • Delta V3.61 b_56845301.exe (PID: 2824)
    • Executing commands from a ".bat" file

      • setup56845301.exe (PID: 860)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 1208)
    • Start notepad (likely ransomware note)

      • Delta V3.61 b_56845301.exe (PID: 2824)
    • Starts CMD.EXE for commands execution

      • setup56845301.exe (PID: 860)
    • Get information on the list of running processes

      • cmd.exe (PID: 1208)
  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 2788)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • setup56845301.exe (PID: 2976)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
      • Delta.exe (PID: 3104)
    • Checks supported languages

      • wmpnscfg.exe (PID: 2788)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
      • setup56845301.exe (PID: 2976)
      • saBSI.exe (PID: 4084)
      • OperaGX.exe (PID: 2144)
      • Delta.exe (PID: 3104)
    • Application launched itself

      • firefox.exe (PID: 3384)
      • firefox.exe (PID: 3440)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 2788)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • setup56845301.exe (PID: 2976)
      • OfferInstaller.exe (PID: 2028)
      • saBSI.exe (PID: 4084)
      • Delta.exe (PID: 3104)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2788)
      • WinRAR.exe (PID: 908)
    • Checks proxy server information

      • Delta V3.61 b_56845301.exe (PID: 2824)
    • Drops the executable file immediately after the start

      • firefox.exe (PID: 3440)
      • WinRAR.exe (PID: 908)
    • The process uses the downloaded file

      • firefox.exe (PID: 3440)
      • WinRAR.exe (PID: 908)
    • Creates files or folders in the user directory

      • Delta V3.61 b_56845301.exe (PID: 2824)
      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
      • OperaGX.exe (PID: 2144)
    • Create files in a temporary directory

      • setup56845301.exe (PID: 860)
      • Delta V3.61 b_56845301.exe (PID: 2824)
      • OfferInstaller.exe (PID: 2028)
      • setup56845301.exe (PID: 2976)
      • OperaGX.exe (PID: 2144)
    • Reads Environment values

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
    • Reads product name

      • setup56845301.exe (PID: 860)
      • OfferInstaller.exe (PID: 2028)
    • Creates files in the program directory

      • saBSI.exe (PID: 4084)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 87
Monitored processes: 43
Malicious processes: 7
Suspicious processes: 0

Behavior graph

Processes in the graph, in the order listed (processes marked "no specs" in the original graph had no malicious or suspicious indicators):
firefox.exe (the parent browser process, which carries indicators, plus its content processes, which do not), wmpnscfg.exe, Delta V3.61 b_56845301.exe (two instances, one with indicators), setup56845301.exe (two instances, one with indicators), OfferInstaller.exe, cmd.exe, tasklist.exe, find.exe, timeout.exe, notepad.exe, saBSI.exe, OperaGX.exe, WinRAR.exe, Delta.exe

Process information

Columns: PID | CMD | Path | Indicators | Parent process (each entry also lists user, company, integrity level, description, exit code, version and the first loaded modules)
PID: 328
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.21.1248302356\2053721234" -parentBuildID 20230710165010 -prefsHandle 8028 -prefMapHandle 8072 -prefsLen 36709 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57bd68ea-3f37-4dde-bbdb-d6c1fd2fa916} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 7424 266fc4a0 rdd
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 368
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.8.884406070\1127313635" -childID 7 -isForBrowser -prefsHandle 3872 -prefMapHandle 3860 -prefsLen 29366 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdd04ddc-3fe8-4b92-9844-730debdba071} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3836 11063b20 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 552
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.9.718528948\1671023" -childID 8 -isForBrowser -prefsHandle 4260 -prefMapHandle 3900 -prefsLen 31122 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {057e8c2b-722d-4437-9a92-340d9f544efa} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3896 1ec26f70 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 600
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.4.1118286297\364994268" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 3752 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3102558-0da7-4de9-8a47-6857de6d66ec} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3768 11063b20 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 788
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.6.1604879352\1793879515" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3892 -prefsLen 34336 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e613813-96db-46c6-84ea-4681ba10b3ac} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 4132 20b36b20 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 860
CMD: C:\Users\admin\AppData\Local\setup56845301.exe hhwnd=459158 hreturntoinstaller hextras=id:d1f26bd5f9aa134-DE-KA1rz
Path: C:\Users\admin\AppData\Local\setup56845301.exe
Parent process: Delta V3.61 b_56845301.exe
Note: mscoree.dll and mscoreei.dll in the module list below show this is a .NET executable; it was written to the user's AppData\Local and runs elevated (HIGH integrity), and it is the parent of the cmd.exe / H2OCleanup.bat chain (PID 1208).
User:
admin
Company:
DT001
Integrity Level:
HIGH
Description:
Software Installation
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\setup56845301.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 908
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Delta V3.61.zip"
Path: C:\program files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1032
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.5.1593157347\682773603" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {baa10832-0b57-459b-a593-69e520e8d4e7} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3900 20b36110 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1208
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\H2OCleanup.bat""
Path: C:\Windows\System32\cmd.exe
Parent process: setup56845301.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1344
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.19.396879320\1681284274" -childID 18 -isForBrowser -prefsHandle 7608 -prefMapHandle 7620 -prefsLen 31324 -prefMapSize 244195 -jsInitHandle 900 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92e840c6-a6cf-4391-a005-fc43eb9b1186} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 7632 2330fe00 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
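The process records above show the chain that matters in this run: Delta V3.61 b_56845301.exe (PID 2824) started a .NET installer from AppData\Local (setup56845301.exe, PID 860, HIGH integrity), which ran cmd.exe /c on H2OCleanup.bat from Temp (PID 1208), from which the graph shows tasklist.exe, find.exe and timeout.exe being run. The Python below is an added example, not code from the ANY.RUN report or from the sample: it builds a process tree from constructed Sysmon-style process-creation events modelled on those records and flags that lineage with a small scored rule. The explorer.exe PID, the Desktop path and integrity level of the first-stage executable, the PIDs of the tasklist/find/timeout children and the benign cmd.exe control entry are assumptions, since the excerpt does not list them.

```python
"""Flag the installer -> cmd.exe -> .bat-in-Temp -> tasklist/find/timeout chain.

Added example, not part of the ANY.RUN report. Builds a process tree from
constructed Sysmon-style (Event ID 1) process-creation events and applies a
rule modelled on the lineage shown in the report's process table.
"""
import ntpath
import re
from collections import defaultdict

# Constructed events. PIDs 3440/328, 908, 2824, 860 and 1208 and their command
# lines come from the report; PID 1500 (explorer.exe), the Desktop path and
# integrity of PID 2824, PIDs 1301-1303 and the benign PID 2000 are assumptions.
SAMPLE_EVENTS = [
    {"pid": 1500, "ppid": 1000, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe", "integrity": "Medium"},
    {"pid": 3440, "ppid": 1500, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmd": r'"C:\Program Files\Mozilla Firefox\firefox.exe"', "integrity": "Medium"},
    {"pid": 328, "ppid": 3440, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmd": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc', "integrity": "Low"},
    {"pid": 908, "ppid": 1500, "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmd": r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Delta V3.61.zip"',
     "integrity": "Medium"},
    {"pid": 2824, "ppid": 1500, "image": r"C:\Users\admin\Desktop\Delta V3.61 b_56845301.exe",
     "cmd": r'"C:\Users\admin\Desktop\Delta V3.61 b_56845301.exe"', "integrity": "High"},
    {"pid": 860, "ppid": 2824, "image": r"C:\Users\admin\AppData\Local\setup56845301.exe",
     "cmd": r"C:\Users\admin\AppData\Local\setup56845301.exe hhwnd=459158 hreturntoinstaller hextras=id:d1f26bd5f9aa134-DE-KA1rz",
     "integrity": "High"},
    {"pid": 1208, "ppid": 860, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\H2OCleanup.bat""',
     "integrity": "High"},
    {"pid": 1301, "ppid": 1208, "image": r"C:\Windows\System32\tasklist.exe", "cmd": "tasklist", "integrity": "High"},
    {"pid": 1302, "ppid": 1208, "image": r"C:\Windows\System32\find.exe", "cmd": "find", "integrity": "High"},
    {"pid": 1303, "ppid": 1208, "image": r"C:\Windows\System32\timeout.exe", "cmd": "timeout", "integrity": "High"},
    # Benign control (hypothetical): a vendor updater running a .bat from Program Files.
    {"pid": 2000, "ppid": 1500, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'C:\Windows\system32\cmd.exe /c "C:\Program Files\ExampleTool\update.bat"',
     "integrity": "Medium"},
]

# A .bat executed from any Temp directory, e.g. AppData\Local\Temp\H2OCleanup.bat.
BAT_FROM_TEMP = re.compile(r'[\\/]temp[\\/][^"\s]+\.bat', re.IGNORECASE)
# Images living under a user profile's AppData, Downloads or Desktop.
USER_WRITABLE = re.compile(r'^[a-z]:\\users\\[^\\]+\\(appdata|downloads|desktop)\\', re.IGNORECASE)
# Built-in tools the report shows being run from the .bat via cmd.exe.
RECON_OR_DELAY = {"tasklist.exe", "find.exe", "timeout.exe"}


def build_tree(events):
    """Index events by PID and group them by parent PID."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    return by_pid, children


def lineage(pid, by_pid):
    """Return 'child <- parent <- grandparent ...' as far as the log allows."""
    names, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        names.append(ntpath.basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return " <- ".join(names)


def detect_bat_chain(events):
    """One finding per cmd.exe that runs a .bat from Temp; score = number of matching context clues."""
    by_pid, children = build_tree(events)
    findings = []
    for e in events:
        if ntpath.basename(e["image"]).lower() != "cmd.exe":
            continue
        if not BAT_FROM_TEMP.search(e["cmd"]):
            continue
        reasons = ["cmd.exe runs a .bat from a Temp directory"]
        parent = by_pid.get(e["ppid"])
        if parent and USER_WRITABLE.match(parent["image"]):
            reasons.append("parent executable lives in a user-writable directory")
        if parent and parent.get("integrity", "").lower() == "high":
            reasons.append("parent runs at High integrity (elevated)")
        kids = {ntpath.basename(c["image"]).lower() for c in children[e["pid"]]}
        hits = sorted(kids & RECON_OR_DELAY)
        if hits:
            reasons.append("child processes: " + ", ".join(hits))
        findings.append({"pid": e["pid"], "lineage": lineage(e["pid"], by_pid),
                         "score": len(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_bat_chain(SAMPLE_EVENTS):
        print(f"PID {f['pid']} score {f['score']}: {f['lineage']}")
        for r in f["reasons"]:
            print("  -", r)
```

Run stand-alone it reports only PID 1208 (score 4, lineage cmd.exe <- setup56845301.exe <- Delta V3.61 b_56845301.exe <- explorer.exe); the hypothetical vendor updater, which also runs a .bat but from Program Files, is not flagged. In production the same rule would read real Sysmon or EDR events and the score threshold would be tuned on the environment's own installers.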
Total events: 59 798
Read events: 59 549
Write events: 246
Delete events: 3

Modification events

Only ten of the 246 write events are shown in this excerpt, all of them Firefox's own launcher, skeleton-UI and Default Browser Agent keys under HKCU\Software\Mozilla\Firefox; registry writes by the installer chain are in the full report.

(PID) Process: (3384) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value: 2166C0A101000000

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value: 044CC1A101000000

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value: 0

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value: 1

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value: 1

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableTelemetry
Value: 1

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value: 0

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|SetDefaultBrowserUserChoice
Value: 1

(PID) Process: (3440) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|AppLastRunTime
Value: D14E5F3C23B0D901
Executable files: 33
Suspicious files: 284
Text files: 70
Unknown types: 0

Dropped files

The ten entries shown are all Firefox profile writes by PID 3440; the executable drops attributed to Delta V3.61 b_56845301.exe, setup56845301.exe and OperaGX.exe in the indicators above (part of the 33 executable files counted) are listed only in the full report.

PID | Process | Filename | Type
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp | binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal | binary
MD5: 9AA4D2F31EF63D9851DF754407678A78
SHA256: A8B4309F6B0192B9636028579620EC2FF7D0AAB66DC4AD2EC77236CF309E974E
3440 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin | binary
MD5: B7A3C61D0C144CC5E166B1E769CA8F8C
SHA256: 7FADCB77FFACA6B9E9F15C6F1CD3AAD4C20DCD90FA92429A627A3A7110CA2644
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js | text
MD5: 60E0DE9E05EC76C749D80F0D15A81B21
SHA256: 08252FA62CCCCD316474E20CC7317A6B5C932B2C972234318E8CCDA39EC2EF48
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm | binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite-journal | binary
MD5: 323EB7A584C3A62865869A15A27AC6F1
SHA256: B64240EE7DCF3CECEAF687DEDB7F341086B8B437E4EF79B62C916D8B6EF5BA32
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js | text
MD5: 60E0DE9E05EC76C749D80F0D15A81B21
SHA256: 08252FA62CCCCD316474E20CC7317A6B5C932B2C972234318E8CCDA39EC2EF48
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm | binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite | (type not listed)
MD5: not listed
SHA256: not listed
3440 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json | binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 59
TCP/UDP connections: 232
DNS requests: 379
Threats: 8

HTTP requests

All ten requests shown here are Firefox's own captive-portal probes (detectportal.firefox.com) and OCSP revocation checks (OCSP is plain HTTP by design); no HTTP traffic from the installer chain appears in this excerpt.

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3440 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | text | 8 b | unknown
3440 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | text | 90 b | unknown
3440 | firefox.exe | POST | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b | unknown
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
3440 | firefox.exe | POST | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b | unknown
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
3440 | firefox.exe | POST | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 471 b | unknown
3440 | firefox.exe | POST | 200 | 184.24.77.52:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
3440 | firefox.exe | POST | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/ | unknown | binary | 471 b | unknown

Connections

The only connection to the submitted site in this excerpt is firefox.exe (PID 3440) to 172.67.211.218:443, a Cloudflare edge address; the remaining entries are LLMNR (224.0.0.252:5355) and NetBIOS (192.168.100.255:137/138) broadcasts and Firefox service traffic. Cells the excerpt does not list are shown as "-".

PID | Process | IP | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
3440 | firefox.exe | 172.67.211.218:443 | deltaexploits.net | - | - | unknown
3440 | firefox.exe | 18.173.227.201:80 | ocsp.r2m02.amazontrust.com | - | US | unknown
3440 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted
3440 | firefox.exe | 172.217.16.202:443 | safebrowsing.googleapis.com | GOOGLE | US | whitelisted
3440 | firefox.exe | 34.117.237.239:443 | contile.services.mozilla.com | GOOGLE-CLOUD-PLATFORM | US | unknown
3440 | firefox.exe | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | GOOGLE | US | unknown
3440 | firefox.exe | 34.205.223.217:443 | spocs.getpocket.com | AMAZON-AES | US | unknown

DNS requests

Domain
IP
Reputation
deltaexploits.net
  • 172.67.211.218
  • 104.21.67.36
  • 2606:4700:3036::6815:4324
  • 2606:4700:3034::ac43:d3da
unknown
Note: all four addresses fall in Cloudflare ranges (104.16.0.0/13, 172.64.0.0/13, 2606:4700::/32) and identify the CDN edge rather than the origin host; pivot on the domain, not on these IPs.
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.117.237.239
whitelisted
example.org
  • 93.184.216.34
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
spocs.getpocket.com
  • 34.205.223.217
  • 3.214.21.201
  • 34.233.246.195
  • 18.235.78.81
shared
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com
  • 18.235.78.81
  • 3.214.21.201
  • 34.233.246.195
  • 34.205.223.217
shared
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted
r3.o.lencr.org
  • 184.24.77.52
  • 184.24.77.83
  • 184.24.77.81
  • 184.24.77.65
  • 184.24.77.82
  • 184.24.77.59
  • 184.24.77.53
  • 95.101.54.217
  • 95.101.54.202
  • 2.16.202.114
  • 95.101.54.208
  • 95.101.54.144
  • 95.101.54.128
  • 2.16.202.113
  • 95.101.54.216
  • 95.101.54.210
  • 2.16.202.128
  • 95.101.54.130
  • 95.101.54.121
  • 95.101.54.114
  • 95.101.54.123
  • 23.55.161.176
  • 23.55.161.186
shared

Threats

PID | Process | Class | Message
1080 | svchost.exe | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
7 ETPRO signatures available in the full report
Note: the alert is attributed to svchost.exe (PID 1080) because Windows resolves names through the DNS Client service, not in the process that asked for the lookup; the process behind the *.top query has to be identified from its own connection events in the full report.
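The DNS and Threats tables above are typical sandbox output for a URL task: a long tail of Firefox start-up traffic, CA and OCSP hosts, one domain that belongs to the sample (deltaexploits.net), and an ET alert on a *.top query whose domain is only in the full report. The Python below is an added example, not part of the ANY.RUN report: it triages such a list by stripping browser and CA infrastructure names, folding in CNAME targets that resolve to the same addresses as a noise domain (the spocs.getpocket.com / amazonaws.com ELB pair above), and separating hostile-TLD hits from domains that need a human look. The entries are the domains and addresses from the tables above plus one constructed *.top name (cdn-update-7731.top, with a TEST-NET-3 address) standing in for the alert; the noise-suffix list and the TLD list are this example's own assumptions, not an ANY.RUN whitelist.

```python
"""Separate browser background traffic from sample-driven traffic in a sandbox DNS list.

Added example, not part of the ANY.RUN report. Entries are taken from the
report's DNS and connection tables plus one constructed *.top domain; the
suffix and TLD lists are assumptions made for this example.
"""

# (domain, [addresses as reported], reputation as reported)
SAMPLE_DNS = [
    ("deltaexploits.net", ["172.67.211.218", "104.21.67.36"], "unknown"),
    ("detectportal.firefox.com", ["34.107.221.82"], "whitelisted"),
    ("prod.detectportal.prod.cloudops.mozgcp.net", ["34.107.221.82"], "whitelisted"),
    ("contile.services.mozilla.com", ["34.117.237.239"], "whitelisted"),
    ("example.org", ["93.184.216.34"], "whitelisted"),
    ("ipv4only.arpa", ["192.0.0.170", "192.0.0.171"], "whitelisted"),
    ("spocs.getpocket.com",
     ["34.205.223.217", "3.214.21.201", "34.233.246.195", "18.235.78.81"], "shared"),
    ("proxyserverecs-1736642167.us-east-1.elb.amazonaws.com",
     ["18.235.78.81", "3.214.21.201", "34.233.246.195", "34.205.223.217"], "shared"),
    ("firefox.settings.services.mozilla.com", ["34.149.100.209"], "whitelisted"),
    ("r3.o.lencr.org", ["184.24.77.52"], "shared"),
    ("safebrowsing.googleapis.com", ["172.217.16.202"], "whitelisted"),
    ("ocsp.pki.goog", ["142.250.184.195"], "unknown"),
    ("ocsp.digicert.com", ["192.229.221.95"], "unknown"),
    ("cdn-update-7731.top", ["203.0.113.10"], "unknown"),  # constructed, hypothetical
]

# Firefox start-up and CA infrastructure seen in this run. Entries starting with
# "." match as suffixes, the others exactly (example.org and ipv4only.arpa are
# treated here as Firefox connectivity-check names).
NOISE_NAMES = (
    ".mozilla.com", ".mozilla.net", ".mozgcp.net", ".firefox.com", ".getpocket.com",
    ".googleapis.com", ".amazontrust.com", ".lencr.org", ".pki.goog", ".digicert.com",
    "example.org", "ipv4only.arpa",
)
# Mirrors the Emerging Threats "DNS Query to a *.top domain" alert in the report.
HOSTILE_TLDS = {"top"}


def is_noise_name(domain):
    """True if the name is (or is under) one of the known background-traffic names."""
    for entry in NOISE_NAMES:
        if entry.startswith("."):
            if domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False


def triage(entries):
    """Bucket DNS entries into noise, hostile_tld and review, each with a reason."""
    noise, review, hostile = [], [], []
    owner_of_ip = {}   # address -> noise domain that resolved to it
    pending = []
    for domain, ips, rep in entries:
        d = domain.lower().rstrip(".")
        tld = d.rsplit(".", 1)[-1]
        if tld in HOSTILE_TLDS:
            hostile.append((d, f".{tld} TLD matches the ET 'query to a *.top domain' signature"))
        elif is_noise_name(d):
            noise.append((d, "browser or CA infrastructure name"))
            for ip in ips:
                owner_of_ip.setdefault(ip, d)
        else:
            pending.append((d, ips, rep))
    # Second pass: a name that resolves to the same addresses as a noise domain is
    # that domain's CNAME target, not something the sample contacted on its own.
    for d, ips, rep in pending:
        owner = next((owner_of_ip[ip] for ip in ips if ip in owner_of_ip), None)
        if owner:
            noise.append((d, f"resolves to the same addresses as {owner}"))
        else:
            review.append((d, f"reputation '{rep}', not browser background traffic"))
    return {"noise": noise, "hostile_tld": hostile, "review": review}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_DNS).items():
        print(bucket)
        for d, why in items:
            print(f"  {d}: {why}")
```

On this input the review bucket contains only deltaexploits.net, the hostile bucket only the constructed *.top name, and everything else lands in noise. The suffix list is deliberately narrow: amazonaws.com and googleapis.com-style clouds host plenty of malicious infrastructure, so CNAME targets are accepted only when they share addresses with a name already classified as noise, never by cloud suffix alone.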
Debug output (Process | Message)
setup56845301.exe | Error: File not found - sciterwrapper:console.tis
setup56845301.exe | at sciter:init-script.tis
setup56845301.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
setup56845301.exe | at sciter:init-script.tis
setup56845301.exe | Error: File not found - sciterwrapper:console.tis
setup56845301.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
Note: .tis files are TIScript, the scripting language of the Sciter UI engine, so setup56845301.exe is a Sciter-based installer whose embedded resources include an offer template; this is consistent with the OfferInstaller.exe and saBSI.exe processes seen in the run and with the bundled OperaGX.exe install.