URL: https://kinoger.com/

Full analysis: https://app.any.run/tasks/66535b31-d900-41e3-abfc-9db2658be70f
Verdict: Malicious activity
Analysis date: June 12, 2025, 15:07:21
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
arch-scr
Indicators:
MD5: FBB6A7E76EB01CBD652940586C80739F
SHA1: 6FA1F3B5B2E05220C2F0B3D4052D89E901406B39
SHA256: 185A0D00D4D1CE35F52CC80E4C0C15412480678E6A98D19677D9B842ED136A50
SSDEEP: 3:N8JyR:2oR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • svchost.exe (PID: 2200)
        Caveat: PID 2200 is the DNS Client service host (svchost.exe -k NetworkService -p -s Dnscache, see Process information). That service only generates DNS traffic on behalf of other processes, so the Suricata matches are on resolver lookups and the PID identifies the system resolver, not the process that requested the lookup. Correlate with the browser's own alerts and connections (firefox.exe, PID 1068) before attributing the activity.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • firefox.exe (PID: 1068)
      • firefox.exe (PID: 3488)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 1068)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 182
Monitored processes: 47
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Interactive in the full report. Nodes: start; firefox.exe (PID 3488, launched from explorer.exe), which relaunched itself as firefox.exe (PID 1068); the content, GPU, socket and utility child processes of PID 1068, none with signatures; svchost.exe (PID 2200), tagged #PHISHING; slui.exe, no signatures.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 420
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6168 -prefsLen 39390 -prefMapHandle 7248 -prefMapSize 272997 -jsInitHandle 7464 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4376 -initialChannelId {2f234820-7e72-48d8-aaa8-cfdd26a13338} -parentPid 1068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 40 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 424
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 1888 -prefsLen 36520 -prefMapHandle 1892 -prefMapSize 272997 -ipcHandle 1952 -initialChannelId {6cc4f259-d0eb-4d19-a034-95b031ad4d9c} -parentPid 1068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1068" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
PID: 1068
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://kinoger.com/
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1488
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5016 -prefsLen 39390 -prefMapHandle 5500 -prefMapSize 272997 -jsInitHandle 7204 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 7248 -initialChannelId {e27f762e-a853-4f5b-9d1b-672eda35b589} -parentPid 1068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 38 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
PID: 1508
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4564 -prefsLen 39338 -prefMapHandle 5664 -prefMapSize 272997 -jsInitHandle 7156 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6172 -initialChannelId {e5f75fd8-1fb7-437f-a511-539c0f940bf5} -parentPid 1068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 25 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1752
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 2088 -prefsLen 36520 -prefMapHandle 2092 -prefMapSize 272997 -ipcHandle 2128 -initialChannelId {43a2d34c-7db4-470f-a3ac-25f9dcfc60a7} -parentPid 1068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 2200
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Indicators: #PHISHING
Parent process: services.exe
Note: -s Dnscache is the Windows DNS Client service, which performs name resolution for every process on the host; network alerts attributed to this PID reflect lookups requested by other processes.
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2464
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7076 -prefsLen 39338 -prefMapHandle 7112 -prefMapSize 272997 -jsInitHandle 7068 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6628 -initialChannelId {1bbffac5-73ae-48f3-af60-3a0a2e310f56} -parentPid 1068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 23 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 2864
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -sandboxingKind 0 -prefsHandle 4696 -prefsLen 44905 -prefMapHandle 4692 -prefMapSize 272997 -ipcHandle 4388 -initialChannelId {e1281640-5f82-4a0b-8b7e-c4887a44b1c5} -parentPid 1068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 3488
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://kinoger.com/"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\bcrypt.dll
Total events: 40 574
Read events: 40 572
Write events: 2
Delete events: 0

Modification events

(PID) Process: (1068) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (1068) firefox.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-790078335-998561069-2208156648-988539944-4021756109-3505228477-4058360096
Operation: write
Name: DisplayName
Value: Chrome Sandbox
Executable files: 0
Suspicious files: 195
Text files: 31
Unknown types: 392

Dropped files

PID
Process
Filename
Type
PID: 1068  Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:

PID: 1068  Process: firefox.exe  Type: binary
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
MD5: 3134ED3F12E4F4F8643DB90043B0FD7B
SHA256: 26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1

PID: 1068  Process: firefox.exe  Type: binary
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 1068  Process: firefox.exe  Type: text
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js
MD5: 2FD670934FEF0C60E2119BD874AAF470
SHA256: 771A7C83CA015BDBC6AB86A7BD9B1D54E40062E28942D311A9178A0FE6433CF2

PID: 1068  Process: firefox.exe  Type: binary
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 1068  Process: firefox.exe  Type: text
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
MD5: 2FD670934FEF0C60E2119BD874AAF470
SHA256: 771A7C83CA015BDBC6AB86A7BD9B1D54E40062E28942D311A9178A0FE6433CF2

PID: 1068  Process: firefox.exe  Type: binary
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 1068  Process: firefox.exe  Type: binary
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA

PID: 1068  Process: firefox.exe  Type: binary
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID: 1068  Process: firefox.exe  Type: dbf
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmp
MD5: E3FC1A783723F57DD176551BA95A2197
SHA256: 5961DB5898EF50EFAEB4C9D59D2033EA908DD47362214D5DD1CCBD4BAFC11F76
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 75
TCP/UDP connections: 276
DNS requests: 402
Threats: 31

HTTP requests

PID   Process      Method  HTTP Code  IP                    URL                                              Type     Reputation
1068  firefox.exe  GET     200        34.107.221.82:80      http://detectportal.firefox.com/canonical.html   unknown  whitelisted
1068  firefox.exe  GET     200        34.107.221.82:80      http://detectportal.firefox.com/success.txt?ipv4 unknown  whitelisted
1068  firefox.exe  POST    200        2.22.242.121:80       http://r11.o.lencr.org/                          unknown  whitelisted
1068  firefox.exe  POST    200        142.250.185.195:80    http://o.pki.goog/s/wr3/FIY                      unknown  whitelisted
1068  firefox.exe  POST    200        142.250.185.195:80    http://o.pki.goog/we2                            unknown  whitelisted
1068  firefox.exe  GET     200        34.107.221.82:80      http://detectportal.firefox.com/success.txt?ipv4 unknown  whitelisted
1068  firefox.exe  POST    200        2.22.242.121:80       http://r11.o.lencr.org/                          unknown  whitelisted
1068  firefox.exe  POST    200        2.22.242.225:80       http://r10.o.lencr.org/                          unknown  whitelisted
1068  firefox.exe  POST    200        172.64.149.23:80      http://ocsp.sectigo.com/                         unknown  whitelisted
1068  firefox.exe  POST    200        2.22.242.225:80       http://r10.o.lencr.org/                          unknown  whitelisted

Connections

PID   Process              IP                    Domain                               ASN                          CN  Reputation
4     System               192.168.100.255:137   -                                    -                            -   whitelisted
5944  MoUsoCoreWorker.exe  51.104.136.2:443      settings-win.data.microsoft.com      MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
1268  svchost.exe          51.104.136.2:443      settings-win.data.microsoft.com      MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
5348  RUXIMICS.exe         51.104.136.2:443      settings-win.data.microsoft.com      MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
1068  firefox.exe          34.160.144.191:443    content-signature-2.cdn.mozilla.net  GOOGLE                       US  whitelisted
1068  firefox.exe          104.21.16.1:443       kinoger.com                          CLOUDFLARENET                -   whitelisted
1068  firefox.exe          34.107.221.82:80      detectportal.firefox.com             GOOGLE                       US  whitelisted
4     System               192.168.100.255:138   -                                    -                            -   whitelisted
1068  firefox.exe          34.107.243.93:443     push.services.mozilla.com            GOOGLE                       US  whitelisted
1068  firefox.exe          2.22.242.121:80       r11.o.lencr.org                      Akamai International B.V.    DE  whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.78
whitelisted
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted
content-signature-chains.prod.autograph.services.mozaws.net
  • 34.160.144.191
  • 2600:1901:0:92a9::
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
kinoger.com
  • 104.21.16.1
  • 104.21.112.1
  • 104.21.48.1
  • 104.21.80.1
  • 104.21.64.1
  • 104.21.32.1
  • 104.21.96.1
  • 2606:4700:3030::6815:3001
  • 2606:4700:3030::6815:1001
  • 2606:4700:3030::6815:2001
  • 2606:4700:3030::6815:4001
  • 2606:4700:3030::6815:7001
  • 2606:4700:3030::6815:6001
  • 2606:4700:3030::6815:5001
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
r11.o.lencr.org
  • 2.22.242.121
  • 2.22.242.225
  • 2.16.206.143
  • 2.16.206.148
  • 95.101.54.131
  • 2.16.202.121
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
a1887.dscq.akamai.net
  • 2.22.242.121
  • 2.22.242.225
  • 2a02:26f0:480:e::210:f10f
  • 2a02:26f0:480:e::210:f108
  • 2.16.206.143
  • 2.16.206.148
  • 95.101.54.131
  • 2.16.202.121
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted
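The DNS answers above show the analysed site resolving only to addresses in CLOUDFLARENET, seven IPv4 and seven IPv6, which is what a CDN-fronted origin looks like: blocking any of those addresses would hit shared edge infrastructure and miss the site. The script below is an added triage example, not part of the ANY.RUN report; it checks each answer from the report against a small hand-entered subset of Cloudflare's published prefixes (the prefix list and the function names are this example's own assumptions; use the provider's current list in practice) and reports whether a hostname is reachable only through CDN edges.

```python
"""Cluster resolved addresses by hosting network (added example).

Answers are copied from the report's DNS requests section. The CDN prefix
table is a hand-entered subset used for illustration only.
"""
import ipaddress
from collections import defaultdict

# Constructed from the DNS requests section of the report.
DNS_ANSWERS = {
    "kinoger.com": [
        "104.21.16.1", "104.21.112.1", "104.21.48.1", "104.21.80.1",
        "104.21.64.1", "104.21.32.1", "104.21.96.1",
        "2606:4700:3030::6815:3001", "2606:4700:3030::6815:1001",
        "2606:4700:3030::6815:2001", "2606:4700:3030::6815:4001",
        "2606:4700:3030::6815:7001", "2606:4700:3030::6815:6001",
        "2606:4700:3030::6815:5001",
    ],
    "detectportal.firefox.com": ["34.107.221.82"],
    "r11.o.lencr.org": ["2.22.242.121", "2.22.242.225", "2.16.206.143",
                        "2.16.206.148", "95.101.54.131", "2.16.202.121"],
}

# Assumption: a subset of Cloudflare's published ranges, entered by hand.
CDN_PREFIXES = {
    "CLOUDFLARENET": [
        ipaddress.ip_network("104.16.0.0/13"),
        ipaddress.ip_network("104.24.0.0/14"),
        ipaddress.ip_network("172.64.0.0/13"),
        ipaddress.ip_network("2606:4700::/32"),
    ],
}


def label_address(addr: str) -> str:
    """Name of the CDN network containing addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, nets in CDN_PREFIXES.items():
        if any(ip in n for n in nets):
            return name
    return "unknown"


def classify(answers: dict) -> dict:
    """hostname -> {network label -> [addresses]}"""
    out = {}
    for host, addrs in answers.items():
        groups = defaultdict(list)
        for a in addrs:
            groups[label_address(a)].append(a)
        out[host] = dict(groups)
    return out


def edge_only(host: str, answers=DNS_ANSWERS) -> bool:
    """True when every answer for host sits in a known CDN prefix: the origin
    is hidden, so block or sinkhole the hostname rather than the addresses."""
    groups = classify({host: answers[host]})[host]
    return set(groups) <= set(CDN_PREFIXES)


if __name__ == "__main__":
    for host, groups in classify(DNS_ANSWERS).items():
        summary = ", ".join(f"{k}: {len(v)}" for k, v in groups.items())
        print(f"{host:<28} {summary:<24} edge_only={edge_only(host)}")
```

For the report's data only kinoger.com comes back edge-only; the Mozilla and Let's Encrypt hosts resolve to addresses outside the hand-entered table and are reported as unknown, which is the correct answer for a table that covers one provider.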

Threats

PID   Process      Class                                  Message
2200  svchost.exe  Not Suspicious Traffic                 INFO [ANY.RUN] Image Sharing Service (imgur.com)
2200  svchost.exe  Possible Social Engineering Attempted  PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (oamoameevee .net)
2200  svchost.exe  Possible Social Engineering Attempted  PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (oamoameevee .net)
2200  svchost.exe  Possible Social Engineering Attempted  PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (oamoameevee .net)
2200  svchost.exe  Misc activity                          ET INFO CMS Hosting Domain in DNS Lookup (storyblok .com)
2200  svchost.exe  Misc activity                          ET INFO CMS Hosting Domain in DNS Lookup (storyblok .com)
2200  svchost.exe  Misc activity                          ET INFO CMS Hosting Domain in DNS Lookup (storyblok .com)
1068  firefox.exe  Misc activity                          ET INFO CMS Hosting Domain in TLS SNI (storyblok .com)
1068  firefox.exe  Misc activity                          ET INFO CMS Hosting Domain in TLS SNI (storyblok .com)
1068  firefox.exe  Misc activity                          ET INFO CMS Hosting Domain in TLS SNI (storyblok .com)
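Two things in the threat rows above trip up automated triage: the messages defang domains by inserting a space before the TLD ("oamoameevee .net"), and every DNS-based alert is attributed to PID 2200, which the process table identifies as the DNS Client service host (svchost.exe -k NetworkService -p -s Dnscache) rather than the process that asked for the lookup. The script below is an added example, not part of the ANY.RUN report; it parses rows of the shape shown above, refangs the domains, ranks rows by alert class (the severity numbers are this example's own assumption, not ANY.RUN's scale) and marks rows raised on the Dnscache host as resolver-proxied so that the PID is not mistaken for the origin of the activity.

```python
"""Triage Suricata-style alert rows from a sandbox report (added example).

Alert rows and the two command lines are copied from the report; the
severity ordering and all function names are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# From the Process information section: PID 2200 hosts the DNS Client service.
PROCESS_CMDLINES = {
    2200: r"C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache",
    1068: r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://kinoger.com/',
}

# Constructed from the Threats section (one instance of each distinct row).
ALERT_ROWS = [
    (2200, "svchost.exe", "Not Suspicious Traffic",
     "INFO [ANY.RUN] Image Sharing Service (imgur.com)"),
    (2200, "svchost.exe", "Possible Social Engineering Attempted",
     "PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (oamoameevee .net)"),
    (2200, "svchost.exe", "Misc activity",
     "ET INFO CMS Hosting Domain in DNS Lookup (storyblok .com)"),
    (1068, "firefox.exe", "Misc activity",
     "ET INFO CMS Hosting Domain in TLS SNI (storyblok .com)"),
]

# Assumption: a local severity scale for sorting, not ANY.RUN's own.
CLASS_SEVERITY = {
    "Possible Social Engineering Attempted": 3,
    "Misc activity": 1,
    "Not Suspicious Traffic": 0,
}

_DOMAIN_IN_PARENS = re.compile(r"\(([A-Za-z0-9.\- ]+?)\)\s*$")
_DEFANG_SPACE = re.compile(r"\s+\.")  # "example .net" -> "example.net"


@dataclass(frozen=True)
class Alert:
    pid: int
    process: str
    severity: int
    domain: Optional[str]
    resolver_proxied: bool
    message: str


def refang(domain: str) -> str:
    """Undo the space-before-TLD defanging used in the report's messages."""
    return _DEFANG_SPACE.sub(".", domain.strip()).lower()


def domain_from_message(message: str) -> Optional[str]:
    """Extract and refang the trailing parenthesised domain, if any."""
    m = _DOMAIN_IN_PARENS.search(message)
    return refang(m.group(1)) if m else None


def is_dns_client_host(cmdline: str) -> bool:
    """True for the Windows DNS Client service host (svchost -s Dnscache)."""
    low = cmdline.lower()
    return "svchost.exe" in low and "-s dnscache" in low


def triage(rows, cmdlines) -> list:
    """Rank rows by severity; flag those whose PID is only the resolver."""
    alerts = []
    for pid, proc, cls, msg in rows:
        alerts.append(Alert(
            pid=pid, process=proc,
            severity=CLASS_SEVERITY.get(cls, 2),  # unknown class: notable
            domain=domain_from_message(msg),
            resolver_proxied=is_dns_client_host(cmdlines.get(pid, "")),
            message=msg,
        ))
    # Highest severity first; stable sort keeps report order within a tier.
    return sorted(alerts, key=lambda a: -a.severity)


def unique_iocs(alerts) -> dict:
    """Refanged domain -> highest severity seen for it."""
    out = {}
    for a in alerts:
        if a.domain:
            out[a.domain] = max(out.get(a.domain, 0), a.severity)
    return out


if __name__ == "__main__":
    for a in triage(ALERT_ROWS, PROCESS_CMDLINES):
        origin = "resolver-proxied, origin PID unknown" if a.resolver_proxied else f"PID {a.pid}"
        print(f"sev={a.severity} {str(a.domain):<18} {origin:<38} {a.message}")
```

Run against the report's rows, the PHISHING hits on oamoameevee.net rank first but carry the resolver-proxied flag, while the storyblok.com TLS SNI rows from firefox.exe are the only ones that name the process that actually opened the connection.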
No debug info