URL:

http://www.ipts.com/

Full analysis: https://app.any.run/tasks/7c80265c-77aa-426b-b1a8-8eef9912e827
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 01, 2025, 11:32:14
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
phishing
Indicators:
MD5:

0E72A6EA889827BFA1E618E6B46AE8FD

SHA1:

DF9A6D6D6DB1EB6581A57E3598DCA830110093E4

SHA256:

EF87EDB74ACAFBFF0B327D864081CC7EC133497FA174A957AC53453EA58FF7C9

SSDEEP:

3:N1KJS4rLdIKn:Cc4rLd3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • ipts.exe (PID: 8000)
    • PHISHING has been detected (SURICATA)

      • svchost.exe (PID: 2196)
  • SUSPICIOUS

    • Drops 7-zip archiver for unpacking

      • WinRAR.exe (PID: 6824)
    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6824)
    • Application launched itself

      • ipts.exe (PID: 8136)
      • ipts.exe (PID: 8000)
    • Process requests binary or script from the Internet

      • ipts.exe (PID: 4996)
      • ipts.exe (PID: 5736)
    • Process communicates with Telegram (possibly using it as an attacker's C2 server)

      • ipts.exe (PID: 5736)
    • There is functionality for taking screenshot (YARA)

      • ipts.exe (PID: 8000)
      • ipts.exe (PID: 8092)
    • Reads security settings of Internet Explorer

      • ipts.exe (PID: 8136)
    • Block-list domains

      • ipts.exe (PID: 5736)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 6740)
      • firefox.exe (PID: 7812)
    • Launch of the file from Downloads directory

      • firefox.exe (PID: 6740)
    • Manual execution by a user

      • WinRAR.exe (PID: 6824)
      • ipts.exe (PID: 8000)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 6824)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6824)
    • Checks supported languages

      • ipts.exe (PID: 8000)
      • ipts.exe (PID: 4996)
      • ipts.exe (PID: 3828)
      • ipts.exe (PID: 4336)
      • ipts.exe (PID: 8136)
      • ipts.exe (PID: 7544)
      • ipts.exe (PID: 5056)
      • ipts.exe (PID: 4728)
      • ipts.exe (PID: 776)
      • ipts.exe (PID: 8092)
      • ipts.exe (PID: 5736)
      • ipts.exe (PID: 7444)
      • ipts.exe (PID: 3140)
      • ipts.exe (PID: 7908)
      • ipts.exe (PID: 5776)
      • ipts.exe (PID: 5548)
      • ipts.exe (PID: 7804)
      • ipts.exe (PID: 7388)
      • ipts.exe (PID: 7484)
      • ipts.exe (PID: 7184)
      • ipts.exe (PID: 7560)
      • ipts.exe (PID: 760)
      • ipts.exe (PID: 4784)
      • ipts.exe (PID: 5216)
      • ipts.exe (PID: 2108)
      • ipts.exe (PID: 6644)
      • ipts.exe (PID: 8080)
      • ipts.exe (PID: 5072)
      • ipts.exe (PID: 7744)
      • ipts.exe (PID: 8024)
      • ipts.exe (PID: 2340)
      • ipts.exe (PID: 6800)
      • ipts.exe (PID: 7500)
      • ipts.exe (PID: 7580)
      • ipts.exe (PID: 7820)
      • ipts.exe (PID: 2780)
      • ipts.exe (PID: 3332)
      • ipts.exe (PID: 2652)
    • Process checks computer location settings

      • ipts.exe (PID: 8000)
      • ipts.exe (PID: 4336)
      • ipts.exe (PID: 7544)
      • ipts.exe (PID: 8136)
      • ipts.exe (PID: 4728)
      • ipts.exe (PID: 5056)
      • ipts.exe (PID: 776)
      • ipts.exe (PID: 7184)
      • ipts.exe (PID: 7908)
      • ipts.exe (PID: 5776)
      • ipts.exe (PID: 3140)
      • ipts.exe (PID: 5548)
      • ipts.exe (PID: 7804)
      • ipts.exe (PID: 7484)
      • ipts.exe (PID: 760)
      • ipts.exe (PID: 4784)
      • ipts.exe (PID: 2108)
      • ipts.exe (PID: 2780)
      • ipts.exe (PID: 7560)
      • ipts.exe (PID: 6644)
      • ipts.exe (PID: 8080)
      • ipts.exe (PID: 8024)
      • ipts.exe (PID: 7744)
      • ipts.exe (PID: 2340)
      • ipts.exe (PID: 6800)
      • ipts.exe (PID: 7580)
      • ipts.exe (PID: 5072)
      • ipts.exe (PID: 3332)
      • ipts.exe (PID: 7820)
      • ipts.exe (PID: 2652)
    • Reads the computer name

      • ipts.exe (PID: 8136)
      • ipts.exe (PID: 8000)
      • ipts.exe (PID: 4996)
      • ipts.exe (PID: 5736)
      • ipts.exe (PID: 8092)
      • ipts.exe (PID: 7388)
      • ipts.exe (PID: 5216)
      • ipts.exe (PID: 7500)
    • Launch of the file from Registry key

      • ipts.exe (PID: 8000)
    • Reads CPU info

      • ipts.exe (PID: 8000)
    • Reads the machine GUID from the registry

      • ipts.exe (PID: 8000)
      • ipts.exe (PID: 8136)
      • ipts.exe (PID: 7500)
    • Create files in a temporary directory

      • ipts.exe (PID: 8136)
      • ipts.exe (PID: 4996)
      • ipts.exe (PID: 8000)
    • Reads the software policy settings

      • slui.exe (PID: 7012)
      • slui.exe (PID: 7376)
    • Checks proxy server information

      • slui.exe (PID: 7376)
    • Creates files or folders in the user directory

      • ipts.exe (PID: 7500)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
194
Monitored processes
68
Malicious processes
4
Suspicious processes
0

Behavior graph

Interactive graph (view it in the full report). Nodes shown: firefox.exe (many instances), sppextcomobj.exe, slui.exe (two instances), winrar.exe, ipts.exe (many instances, most without specs), and svchost.exe tagged #PHISHING.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
448
CMD:
"C:\Users\admin\Desktop\ipts.exe" --type=renderer --ub-type=urltask --image-replacement --disable-databases --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2992 --field-trial-handle=1560,i,15285572966555549200,8480376650128010593,131072 /prefetch:1
Path:
C:\Users\admin\Desktop\ipts.exe
Parent process:
ipts.exe
User:
admin
Company:
Spiritsoft(www.ipts.com)
Integrity Level:
LOW
Description:
Traffic Spirit(http://www.ipts.com)
Exit code:
0
Version:
2023.12.28.45
Modules
Images
c:\users\admin\desktop\ipts.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
PID:
760
CMD:
"C:\Users\admin\Desktop\ipts.exe" --type=renderer --ub-type=urltask --image-replacement --disable-databases --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4304 --field-trial-handle=1560,i,15285572966555549200,8480376650128010593,131072 /prefetch:1
Path:
C:\Users\admin\Desktop\ipts.exe
Parent process:
ipts.exe
User:
admin
Company:
Spiritsoft(www.ipts.com)
Integrity Level:
LOW
Description:
Traffic Spirit(http://www.ipts.com)
Exit code:
0
Version:
2023.12.28.45
Modules
Images
c:\users\admin\desktop\ipts.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
PID:
776
CMD:
"C:\Users\admin\Desktop\ipts.exe" --type=renderer --ub-type=urltask --image-replacement --disable-databases --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3272 --field-trial-handle=1560,i,15285572966555549200,8480376650128010593,131072 /prefetch:1
Path:
C:\Users\admin\Desktop\ipts.exe
Parent process:
ipts.exe
User:
admin
Company:
Spiritsoft(www.ipts.com)
Integrity Level:
LOW
Description:
Traffic Spirit(http://www.ipts.com)
Exit code:
0
Version:
2023.12.28.45
Modules
Images
c:\users\admin\desktop\ipts.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
PID:
832
CMD:
"C:\Users\admin\Desktop\ipts.exe" --type=renderer --ub-type=urltask --image-replacement --disable-databases --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4776 --field-trial-handle=1560,i,15285572966555549200,8480376650128010593,131072 /prefetch:1
Path:
C:\Users\admin\Desktop\ipts.exe
Parent process:
ipts.exe
User:
admin
Company:
Spiritsoft(www.ipts.com)
Integrity Level:
LOW
Description:
Traffic Spirit(http://www.ipts.com)
Version:
2023.12.28.45
Modules
Images
c:\users\admin\desktop\ipts.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
PID:
1180
CMD:
"C:\Users\admin\Desktop\ipts.exe" --type=renderer --ub-type=urltask --image-replacement --disable-databases --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5004 --field-trial-handle=1560,i,15285572966555549200,8480376650128010593,131072 /prefetch:1
Path:
C:\Users\admin\Desktop\ipts.exe
Parent process:
ipts.exe
User:
admin
Company:
Spiritsoft(www.ipts.com)
Integrity Level:
LOW
Description:
Traffic Spirit(http://www.ipts.com)
Exit code:
0
Version:
2023.12.28.45
Modules
Images
c:\users\admin\desktop\ipts.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
PID:
1240
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4276 -childID 2 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 36588 -prefMapSize 244583 -jsInitHandle 1268 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7622d3f9-b1a5-42ff-837d-5eac6e340329} 6740 "\\.\pipe\gecko-crash-server-pipe.6740" 2261c1dd850 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID:
1276
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2168 -parentBuildID 20240213221259 -prefsHandle 2160 -prefMapHandle 2148 -prefsLen 31031 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a9cf6b-b874-4135-a701-9818378931d6} 6740 "\\.\pipe\gecko-crash-server-pipe.6740" 22606f80f10 socket
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID:
2108
CMD:
"C:\Users\admin\Desktop\ipts.exe" --type=renderer --ub-type=urltask --image-replacement --disable-databases --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3152 --field-trial-handle=1560,i,15285572966555549200,8480376650128010593,131072 /prefetch:1
Path:
C:\Users\admin\Desktop\ipts.exe
Parent process:
ipts.exe
User:
admin
Company:
Spiritsoft(www.ipts.com)
Integrity Level:
LOW
Description:
Traffic Spirit(http://www.ipts.com)
Exit code:
0
Version:
2023.12.28.45
Modules
Images
c:\users\admin\desktop\ipts.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
PID:
2196
CMD:
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID:
2340
CMD:
"C:\Users\admin\Desktop\ipts.exe" --type=renderer --ub-type=urltask --image-replacement --disable-databases --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4776 --field-trial-handle=1560,i,15285572966555549200,8480376650128010593,131072 /prefetch:1
Path:
C:\Users\admin\Desktop\ipts.exe
Parent process:
ipts.exe
User:
admin
Company:
Spiritsoft(www.ipts.com)
Integrity Level:
LOW
Description:
Traffic Spirit(http://www.ipts.com)
Exit code:
0
Version:
2023.12.28.45
Modules
Images
c:\users\admin\desktop\ipts.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\gdi32.dll
Total events
20 204
Read events
20 181
Write events
23
Delete events
0

Modification events

(PID) Process:
(6740) firefox.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:
write
Name:
C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:
write
Name:
ShowPassword
Value:
0
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
0
Value:
C:\Users\admin\Downloads\ipts.7z
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
name
Value:
120
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
size
Value:
80
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
type
Value:
120
(PID) Process:
(6824) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
mtime
Value:
100
Executable files
8
Suspicious files
218
Text files
27
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
Type:
MD5:
SHA256:
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json
Type: binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Type:
MD5:
SHA256:
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp
Type: binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
Type: binary
MD5: C09FF302D57C404B61E6A89B0B9F36E7
SHA256: 6A5B4F82595799346D0E501FE6CC8629E0FD6ED27B74D0E6CB5073DDB2E3C40B
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 6740
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
Type: text
MD5: 1C6DFEA85D923F5F91614EB52C226274
SHA256: 7FE6109C3CB64DD9A64410DB1AA3BE491EA21F43EF88A52CE6F695C20DAB793D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
477
TCP/UDP connections
1 153
DNS requests
651
Threats
74

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6740
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6740
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6740
firefox.exe
GET
200
47.88.10.215:80
http://www.ipts.com/
unknown
unknown
6740
firefox.exe
POST
200
142.250.181.227:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
6740
firefox.exe
POST
200
142.250.181.227:80
http://o.pki.goog/we2
unknown
whitelisted
6740
firefox.exe
POST
200
2.22.242.121:80
http://r11.o.lencr.org/
unknown
whitelisted
6740
firefox.exe
POST
200
2.22.242.121:80
http://r11.o.lencr.org/
unknown
whitelisted
6740
firefox.exe
POST
200
2.22.242.225:80
http://r10.o.lencr.org/
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
7868
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.16.168.114:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
6740
firefox.exe
47.88.10.215:80
www.ipts.com
Alibaba US Technology Co., Ltd.
US
suspicious
6740
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
6740
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
6740
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.16.168.114
  • 2.16.168.124
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 23.219.150.101
whitelisted
google.com
  • 142.250.185.238
whitelisted
www.ipts.com
  • 47.88.10.215
unknown
detectportal.firefox.com
  • 34.107.221.82
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted
mc.prod.ads.prod.webservices.mozgcp.net
  • 47.246.146.201
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
2196
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
2196
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
2196
svchost.exe
Misc activity
INFO [ANY.RUN] Possible short link service (t .co)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
5736
ipts.exe
Misc activity
ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
No debug info