{
	"id": "62c7a168-175b-4dca-9bdd-8f12d8abdd70",
	"created_at": "2026-04-06T00:07:12.410552Z",
	"updated_at": "2026-04-10T03:21:07.492018Z",
	"deleted_at": null,
	"sha1_hash": "58d0c992097aa6114e62bddaddc46971c76b5115",
	"title": "Analysis http://getapp.normandoh.com/up/dl/1514720375122642/pupdate.exe Malicious activity - Interactive analysis ANY.RUN",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 90933,
	"plain_text": "Analysis\r\nhttp://getapp.normandoh.com/up/dl/1514720375122642/pupdate.exe\r\nMalicious activity - Interactive analysis ANY.RUN\r\nArchived: 2026-04-05 12:46:45 UTC\r\nMove your mouse to view screenshots\r\nTimeshift\r\nHeaders\r\nRep\r\nPID\r\nProcess name\r\nCN\r\nhttps://app.any.run/tasks/ea024149-8e83-41c0-b0ed-32ec38dea4a6/\r\nPage 1 of 3\n\nURL\r\nContent\r\nhttp://getapp.normandoh.com/up/dl/1514720375122642/pupdate.exe\r\nStart:\r\n19.07.2019, 21:20\r\nTotal time:\r\n58 s\r\nLost connection with guest OS while task running\r\n3868\r\nfirefox.exe\r\n\"http://getapp.normandoh.com/up/dl/1514720375122642/pupdate.exe\"\r\n2616\r\nfirefox.exe\r\n-contentproc --channel=\"3868.0.1919910712\\3527278\" -parentBuildID 20190619235627 -greomni \"C:\\Program\r\nFiles\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir\r\n\"C:\\Program Files\\Mozilla Firefox\\browser\" - 3868 \"\\\\.\\pipe\\gecko-crash-server-pipe.3868\" 1168 gpu\r\n4000\r\nfirefox.exe\r\n-contentproc --channel=\"3868.3.1233738814\\1074657126\" -childID 1 -isForBrowser -prefsHandle 1640 -\r\nprefMapHandle 1636 -prefsLen 1 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni \"C:\\Program\r\nFiles\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir\r\n\"C:\\Program Files\\Mozilla Firefox\\browser\" - 3868 \"\\\\.\\pipe\\gecko-crash-server-pipe.3868\" 1320 tab\r\n3504\r\nfirefox.exe\r\n-contentproc --channel=\"3868.13.1673596704\\1166091922\" -childID 2 -isForBrowser -prefsHandle 2708 -\r\nprefMapHandle 2712 -prefsLen 5842 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni\r\n\"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -\r\nappdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3868 \"\\\\.\\pipe\\gecko-crash-server-pipe.3868\" 2716 tab\r\nhttps://app.any.run/tasks/ea024149-8e83-41c0-b0ed-32ec38dea4a6/\r\nPage 
2 of 3\n\n3484\r\nfirefox.exe\r\n-contentproc --channel=\"3868.20.1447472350\\216281834\" -childID 3 -isForBrowser -prefsHandle 3624 -\r\nprefMapHandle 3628 -prefsLen 6604 -prefMapSize 188076 -parentBuildID 20190619235627 -greomni\r\n\"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -\r\nappdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3868 \"\\\\.\\pipe\\gecko-crash-server-pipe.3868\" 3720 tab\r\n3060\r\nschtasks.exe\r\n/create /SC DAILY /TN ZUpdater /TR \"\\\"C:\\Users\\admin\\AppData\\Roaming\\ZUpdater\\ZUpdater.exe\\\"\r\ndo://zupdater\r\n3728\r\npingsender.exe\r\nhttps://incoming.telemetry.mozilla.org/submit/telemetry/4a8d22c5-e560-429e-aa1a-6c71020553e4/event/Firefox/67.0.4/release/20190619235627?v=4\r\nC:\\Users\\admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qldyz51w.default\\saved-telemetry-pings\\4a8d22c5-\r\ne560-429e-aa1a-6c71020553e4\r\n3344\r\npingsender.exe\r\nhttps://incoming.telemetry.mozilla.org/submit/telemetry/931f1892-26d7-4ed3-b578-\r\nfc43eda2e515/health/Firefox/67.0.4/release/20190619235627?v=4\r\nC:\\Users\\admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qldyz51w.default\\saved-telemetry-pings\\931f1892-\r\n26d7-4ed3-b578-fc43eda2e515\r\n3700\r\npingsender.exe\r\nhttps://incoming.telemetry.mozilla.org/submit/telemetry/5402ddc0-4435-4423-baa8-\r\nfb54f6be43c6/main/Firefox/67.0.4/release/20190619235627?v=4\r\nC:\\Users\\admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qldyz51w.default\\saved-telemetry-pings\\5402ddc0-\r\n4435-4423-baa8-fb54f6be43c6\r\nSource: https://app.any.run/tasks/ea024149-8e83-41c0-b0ed-32ec38dea4a6/\r\nhttps://app.any.run/tasks/ea024149-8e83-41c0-b0ed-32ec38dea4a6/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://app.any.run/tasks/ea024149-8e83-41c0-b0ed-32ec38dea4a6/"
	],
	"report_names": [
		"ea024149-8e83-41c0-b0ed-32ec38dea4a6"
	],
	"threat_actors": [],
	"ts_created_at": 1775434032,
	"ts_updated_at": 1775791267,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/58d0c992097aa6114e62bddaddc46971c76b5115.pdf",
		"text": "https://archive.orkl.eu/58d0c992097aa6114e62bddaddc46971c76b5115.txt",
		"img": "https://archive.orkl.eu/58d0c992097aa6114e62bddaddc46971c76b5115.jpg"
	}
}