File name: PBLauncher.exe

Full analysis: https://app.any.run/tasks/e4169705-86a6-4310-ab18-c75191502dac
Verdict: Malicious activity
Analysis date: January 25, 2019, 01:07:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: installer, phishing
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 9A34322A527E71E410A1F217A8305F8A
SHA1: 79C64FED04790CA07237A19BF6A20573C1FA7ACA
SHA256: F302C39AC23C80F15799C53E3FB0263A0AC99771AF11EB104AC4013816A93A5D
SSDEEP: 196608:rwT2ibWTPr7wohrJyZ+FcQ/jR43alWGRPVcE6:/TPwFZ+auFWuM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes settings of System certificates

      • PBLauncher.exe (PID: 3144)
    • Application was dropped or rewritten from another process

      • PBLauncher.exe (PID: 3144)
      • UpdaterModifier.exe (PID: 3432)
  • SUSPICIOUS

    • Connects to unusual port

      • PBLauncher.exe (PID: 2784)
      • PBLauncher.exe (PID: 3144)
    • Executable content was dropped or overwritten

      • PBLauncher.exe (PID: 2784)
      • UpdaterModifier.exe (PID: 3432)
    • Reads internet explorer settings

      • PBLauncher.exe (PID: 3144)
    • Adds / modifies Windows certificates

      • PBLauncher.exe (PID: 3144)
  • INFO

    • Reads CPU info

      • firefox.exe (PID: 2376)
      • firefox.exe (PID: 2788)
      • firefox.exe (PID: 2532)
      • firefox.exe (PID: 3884)
    • Reads settings of System Certificates

      • pingsender.exe (PID: 2904)
    • Application launched itself

      • firefox.exe (PID: 2532)
    • Creates files in the user directory

      • firefox.exe (PID: 2532)
No Malware configuration.

TRiD

.exe | InstallShield setup (27.1)
.exe | Win32 EXE PECompact compressed (generic) (26.2)
.exe | Win32 Executable MS Visual C++ (generic) (19.6)
.exe | Win64 Executable (generic) (17.4)
.dll | Win32 Dynamic Link Library (generic) (4.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:01:09 11:09:14+01:00
PEType: PE32
LinkerVersion: 9
CodeSize: 467968
InitializedDataSize: 11105280
UninitializedDataSize: -
EntryPoint: 0x53313
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.1.1103.2401
ProductVersionNumber: 1.1.1103.2401
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Korean
CharacterSet: Windows, Korea (Shift - KSC 5601)
CompanyName: Zepetto Co.
FileDescription: PBLauncher
FileVersion: 1.1.0.0
InternalName: PBLauncher.exe
LegalCopyright: (c) Zepetto. All rights reserved.
OriginalFileName: PBLauncher.exe
ProductName: PBLauncher
ProductVersion: 1.1.0.0

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 09-Jan-2019 10:09:14
Detected languages:
  • English - United States
  • Korean - Korea
Debug artifacts:
  • D:\00_Code\Launcher\Launcher\PBLauncher_VS2015\FileSyncSystem\Updater\Release TRMN\PBLauncher.pdb

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000F8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 4
Time date stamp: 09-Jan-2019 10:09:14
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

| Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00072219 | 0x00072400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.5883 |
| .rdata | 0x00074000 | 0x000190D6 | 0x00019200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.95609 |
| .data | 0x0008E000 | 0x000092FC | 0x00004A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.34162 |
| .rsrc | 0x00098000 | 0x00A7976C | 0x00A79800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.51469 |

Resources

| Title | Entropy | Size | Codepage | Language | Type |
|---|---|---|---|---|---|
| 1 | 4.77792 | 357 | Latin 1 / Western European | English - United States | RT_MANIFEST |
| 2 | 4.75807 | 67624 | Latin 1 / Western European | Korean - Korea | RT_ICON |
| 3 | 4.93785 | 16936 | Latin 1 / Western European | Korean - Korea | RT_ICON |
| 4 | 5.18659 | 9640 | Latin 1 / Western European | Korean - Korea | RT_ICON |
| 5 | 5.31557 | 4264 | Latin 1 / Western European | Korean - Korea | RT_ICON |
| 6 | 5.80596 | 1128 | Latin 1 / Western European | Korean - Korea | RT_ICON |
| 7 | 3.02695 | 308 | Latin 1 / Western European | Korean - Korea | RT_CURSOR |
| 8 | 2.74274 | 180 | Latin 1 / Western European | Korean - Korea | RT_CURSOR |
| 9 | 2.34038 | 308 | Latin 1 / Western European | Korean - Korea | RT_CURSOR |
| 10 | 2.90266 | 214 | Latin 1 / Western European | Korean - Korea | RT_STRING |

Imports

ADVAPI32.dll
COMDLG32.dll
GDI32.dll
IPHLPAPI.DLL
KERNEL32.dll
MSIMG32.dll
OLEACC.dll
OLEAUT32.dll
SHELL32.dll
SHLWAPI.dll
No data.
Total processes: 44
Monitored processes: 9
Malicious processes: 0
Suspicious processes: 2

Behavior graph

[Behavior graph image not preserved. Nodes: pblauncher.exe, updatermodifier.exe, pblauncher.exe, firefox.exe (x4), pingsender.exe, pblauncher.exe (no specs). Edge labels: drop and start, start, drop and start.]

Process information

PID | CMD | Path | Indicators | Parent process
PID: 2376
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.6.1834804548\126796004" -childID 2 -isForBrowser -prefsHandle 2484 -prefsLen 11442 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 2396 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 61.0.2

PID: 2532
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 61.0.2

PID: 2784
CMD: "C:\Users\admin\AppData\Local\Temp\PBLauncher.exe"
Path: C:\Users\admin\AppData\Local\Temp\PBLauncher.exe
Parent process: explorer.exe
User: admin
Company: Zepetto Co.
Integrity Level: HIGH
Description: PBLauncher
Exit code: 0
Version: 1.1.0.0

PID: 2788
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.0.6230518\739984117" -childID 1 -isForBrowser -prefsHandle 1376 -prefsLen 8309 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 1336 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 61.0.2

PID: 2904
CMD: "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/3ae06d8f-536f-4875-89b2-7a1e8ff3b559/main/Firefox/61.0.2/release/20180807170231?v=4 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\3ae06d8f-536f-4875-89b2-7a1e8ff3b559
Path: C:\Program Files\Mozilla Firefox\pingsender.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Foundation
Integrity Level: MEDIUM
Exit code: 0
Version: 61.0.2

PID: 3144
CMD: "PBLauncher.exe"
Path: C:\Users\admin\AppData\Local\Temp\PBLauncher.exe
Parent process: UpdaterModifier.exe
User: admin
Company: Zepetto Co.
Integrity Level: HIGH
Description: PBLauncher
Exit code: 2
Version: 1.1.0.0

PID: 3344
CMD: "C:\Users\admin\AppData\Local\Temp\PBLauncher.exe"
Path: C:\Users\admin\AppData\Local\Temp\PBLauncher.exe
Parent process: explorer.exe
User: admin
Company: Zepetto Co.
Integrity Level: MEDIUM
Description: PBLauncher
Exit code: 3221226540
Version: 1.1.0.0
Modules (images): c:\users\admin\appdata\local\temp\pblauncher.exe, c:\systemroot\system32\ntdll.dll

PID: 3432
CMD: "C:\Users\admin\AppData\Local\Temp\UpdaterModifier.exe" PBLauncher.exe _LauncherPatchFiles/PBLauncher_20190123.exe
Path: C:\Users\admin\AppData\Local\Temp\UpdaterModifier.exe
Parent process: PBLauncher.exe
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 3884
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2532.12.2067101789\752685861" -childID 3 -isForBrowser -prefsHandle 3016 -prefsLen 11808 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2532 "\\.\pipe\gecko-crash-server-pipe.2532" 3028 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 61.0.2

Total events: 1 019
Read events: 961
Write events: 56
Delete events: 2

Modification events

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASAPI32 | write | EnableFileTracing | 0 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASAPI32 | write | EnableConsoleTracing | 0 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASAPI32 | write | FileTracingMask | 4294901760 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASAPI32 | write | ConsoleTracingMask | 4294901760 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASAPI32 | write | MaxFileSize | 1048576 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASAPI32 | write | FileDirectory | %windir%\tracing |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASMANCS | write | EnableFileTracing | 0 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASMANCS | write | EnableConsoleTracing | 0 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASMANCS | write | FileTracingMask | 4294901760 |
| 2784 | PBLauncher.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PBLauncher_RASMANCS | write | ConsoleTracingMask | 4294901760 |
Executable files: 3
Suspicious files: 65
Text files: 77
Unknown types: 31

Dropped files

| PID | Process | Filename | Type |
|---|---|---|---|
| 2784 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\Launcher_20190123.svl | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\config_20180412.zip | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\MessagesTR_20180312.zip | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\MessagesEN_20180312.zip | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\UI_20140116.zip | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\config_20180412.zpt | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\MessagesTR_20180312.xml | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\MessagesEN_20180312.xml | - |
| 3144 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\_LauncherPatchFiles\UI_20140116.xml | - |
| 2784 | PBLauncher.exe | C:\Users\admin\AppData\Local\Temp\Launcher.svl | binary |
HTTP(S) requests: 41
TCP/UDP connections: 20
DNS requests: 49
Threats: 1

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2784 | PBLauncher.exe | GET | 200 | 2.16.186.49:80 | http://nfcdn.zepetto.com/PointBlank/TR/Live/_LauncherPatchFiles/MessagesTR_20180312.zip | unknown | compressed | 1.92 Kb | whitelisted |
| 2784 | PBLauncher.exe | GET | 200 | 2.16.186.49:80 | http://nfcdn.zepetto.com/PointBlank/TR/Live/_LauncherPatchFiles/UI_20140116.zip | unknown | compressed | 494 b | whitelisted |
| 3144 | PBLauncher.exe | GET | 200 | 2.16.186.49:80 | http://nfcdn.zepetto.com/PointBlank/TR/Live/_LauncherPatchFiles/MessagesTR_20180312.zip | unknown | compressed | 1.92 Kb | whitelisted |
| 3144 | PBLauncher.exe | GET | 200 | 2.16.186.49:80 | http://nfcdn.zepetto.com/PointBlank/TR/Live/_LauncherPatchFiles/config_20180412.zip | unknown | compressed | 418 b | whitelisted |
| 3144 | PBLauncher.exe | GET | 200 | 85.111.16.247:80 | http://image.nfinitygames.com/pbtr/v3launchertr/Content/HomePage/images/ico-star-anim.gif | TR | image | 62.9 Kb | suspicious |
| 2784 | PBLauncher.exe | GET | 200 | 2.16.186.49:80 | http://nfcdn.zepetto.com/PointBlank/TR/Live/_LauncherPatchFiles/MessagesEN_20180312.zip | unknown | compressed | 1.84 Kb | whitelisted |
| 3144 | PBLauncher.exe | GET | 200 | 85.111.16.247:80 | http://image.nfinitygames.com/pbtr/v3launchertr/Content/HomePage/images/ico-user.png | TR | image | 412 b | suspicious |
| 3144 | PBLauncher.exe | GET | 200 | 85.111.16.247:80 | http://image.nfinitygames.com/pbtr/v3launchertr/Content/HomePage/css/Launcher/launcher.css | TR | text | 1009 b | suspicious |
| 3144 | PBLauncher.exe | GET | 200 | 85.111.16.247:80 | http://image.nfinitygames.com/pbtr/v3launchertr/Content/HomePage/css/main.css | TR | text | 2.27 Kb | suspicious |
| 3144 | PBLauncher.exe | GET | 200 | 85.111.16.247:80 | http://image.nfinitygames.com/pbtr/v3launchertr/Content/HomePage/images/ico-tg.png | TR | image | 628 b | suspicious |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2784 | PBLauncher.exe | 2.16.186.49:80 | nfcdn.zepetto.com | Akamai International B.V. | - | whitelisted |
| 2784 | PBLauncher.exe | 85.111.16.3:49100 | - | Turk Telekom | TR | unknown |
| 3144 | PBLauncher.exe | 2.16.186.49:80 | nfcdn.zepetto.com | Akamai International B.V. | - | whitelisted |
| 3144 | PBLauncher.exe | 85.111.16.247:80 | image.nfinitygames.com | Turk Telekom | TR | suspicious |
| 3144 | PBLauncher.exe | 85.111.16.3:49100 | - | Turk Telekom | TR | unknown |
| 2532 | firefox.exe | 2.16.186.112:80 | detectportal.firefox.com | Akamai International B.V. | - | whitelisted |
| 2532 | firefox.exe | 34.216.89.123:443 | search.services.mozilla.com | Amazon.com, Inc. | US | unknown |
| 3144 | PBLauncher.exe | 104.19.197.151:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | shared |
| 2532 | firefox.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 2532 | firefox.exe | 52.25.70.97:443 | tiles.services.mozilla.com | Amazon.com, Inc. | US | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| nfcdn.zepetto.com | 2.16.186.49, 2.16.186.113 | whitelisted |
| image.nfinitygames.com | 85.111.16.247 | unknown |
| cdnjs.cloudflare.com | 104.19.197.151, 104.19.198.151, 104.19.199.151, 104.19.195.151, 104.19.196.151 | whitelisted |
| detectportal.firefox.com | 2.16.186.112, 2.16.186.50 | whitelisted |
| a1089.dscd.akamai.net | 2.16.186.50, 2.16.186.112 | whitelisted |
| search.services.mozilla.com | 34.216.89.123, 52.27.184.151, 52.89.32.107 | whitelisted |
| search.r53-2.services.mozilla.com | 52.89.32.107, 52.27.184.151, 34.216.89.123 | whitelisted |
| ocsp.digicert.com | 93.184.220.29 | whitelisted |
| cs9.wac.phicdn.net | 93.184.220.29 | whitelisted |
| tiles.services.mozilla.com | 52.25.70.97, 52.43.40.243, 52.34.107.172, 52.41.78.152, 52.41.60.30, 52.39.131.77, 52.26.103.165, 54.187.46.234 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 3144 | PBLauncher.exe | A Network Trojan was detected | ET INFO Possible Phish - Mirrored Website Comment Observed |
No debug info