URL: http://infrarecorder.org/

Full analysis: https://app.any.run/tasks/56894ef4-0dcf-4cea-a568-630b864897b9
Verdict: Malicious activity
Analysis date: March 05, 2024, 20:26:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: opendir
Indicators:
MD5: 2996B69599B814FB14E9CF8424D9C638
SHA1: A33B759B7F272767714803BB3CAAB258AF383A98
SHA256: 2147CD742C98D0E1782DF3ECDEEE0228BCCBDE2E59F1CC6669465361A6346F94
SSDEEP: 3:N1KX+wBnXCKn:C9BXJn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ir053.exe (PID: 5264)
    • Detects Cygwin installation

      • ir053.exe (PID: 5264)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ir053.exe (PID: 5264)
    • The process creates files with name similar to system file names

      • ir053.exe (PID: 5264)
    • Creates a software uninstall entry

      • ir053.exe (PID: 5264)
    • Creates or modifies Windows services

      • infrarecorder.exe (PID: 2556)
    • Reads the Internet Settings

      • infrarecorder.exe (PID: 2556)
    • Changes default file association

      • WINWORD.EXE (PID: 4804)
    • Creates/Modifies COM task schedule object

      • WINWORD.EXE (PID: 4804)
    • Reads the date of Windows installation

      • infrarecorder.exe (PID: 2556)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 4052)
      • firefox.exe (PID: 3656)
    • Drops the executable file immediately after the start

      • firefox.exe (PID: 3656)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 3656)
    • The process uses the downloaded file

      • firefox.exe (PID: 3656)
    • Reads the computer name

      • ir053.exe (PID: 5264)
      • wmpnscfg.exe (PID: 5352)
      • infrarecorder.exe (PID: 5792)
      • infrarecorder.exe (PID: 2556)
    • Checks supported languages

      • ir053.exe (PID: 5264)
      • wmpnscfg.exe (PID: 5352)
      • infrarecorder.exe (PID: 5792)
      • infrarecorder.exe (PID: 2556)
    • Create files in a temporary directory

      • ir053.exe (PID: 5264)
    • Manual execution by a user

      • infrarecorder.exe (PID: 5792)
      • wmpnscfg.exe (PID: 5352)
      • infrarecorder.exe (PID: 2556)
    • Creates files or folders in the user directory

      • ir053.exe (PID: 5264)
      • infrarecorder.exe (PID: 5792)
    • Creates files in the program directory

      • ir053.exe (PID: 5264)
    • Reads the machine GUID from the registry

      • infrarecorder.exe (PID: 5792)
      • infrarecorder.exe (PID: 2556)
    • Reads Microsoft Office registry keys

      • infrarecorder.exe (PID: 2556)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 87
Monitored processes: 39
Malicious processes: 5
Suspicious processes: 0

Behavior graph

[Behavior graph; processes shown: firefox.exe (multiple instances), ir053.exe (two instances), wmpnscfg.exe, infrarecorder.exe (two instances), winword.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 784
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.6.1167269266\178547313" -childID 5 -isForBrowser -prefsHandle 7512 -prefMapHandle 7556 -prefsLen 29365 -prefMapSize 244195 -jsInitHandle 928 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75c643ef-76ec-41f7-a6a9-bc24cd9fc7ed} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 7496 19864840 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 848
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.2.1335891920\1420338705" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 1932 -prefsLen 24491 -prefMapSize 244195 -jsInitHandle 928 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e32059f-349b-4032-8ad1-20d0f2522d23} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 2188 12966c90 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 908
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.10.166163924\1179295370" -childID 9 -isForBrowser -prefsHandle 3436 -prefMapHandle 2164 -prefsLen 31202 -prefMapSize 244195 -jsInitHandle 928 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26333d23-01db-49ce-8c48-72e191e8743f} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 7668 1acdde00 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1172
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.8.301891626\705919912" -childID 7 -isForBrowser -prefsHandle 2832 -prefMapHandle 3252 -prefsLen 31121 -prefMapSize 244195 -jsInitHandle 928 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29040271-c8d8-49a5-a871-0d03ce846b3f} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 7376 15fbd280 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1216
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.13.1273568132\124831328" -parentBuildID 20230710165010 -prefsHandle 6444 -prefMapHandle 6448 -prefsLen 36708 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84d07a58-13da-401d-9a39-cf58343c778c} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 6416 1d8342e0 rdd
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 1
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1544
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.4.693785042\1174754813" -childID 3 -isForBrowser -prefsHandle 5880 -prefMapHandle 5428 -prefsLen 29208 -prefMapSize 244195 -jsInitHandle 928 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2da4b7d4-2b60-4e91-b390-535414b9730e} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 7844 1acdd110 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1584
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.15.1894931256\58224516" -childID 12 -isForBrowser -prefsHandle 6000 -prefMapHandle 6076 -prefsLen 31323 -prefMapSize 244195 -jsInitHandle 928 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87cdf6bb-8a00-4560-b2db-55a0dce01f93} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 6104 1d84a840 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1816
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.14.726551200\673393704" -parentBuildID 20230710165010 -sandboxingKind 1 -prefsHandle 6428 -prefMapHandle 6436 -prefsLen 36708 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {525ead26-5860-4b22-ae3c-8b42bdd09c10} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 6400 1806cf50 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 1
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 2332
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.1.1373502737\708591823" -parentBuildID 20230710165010 -prefsHandle 1432 -prefMapHandle 1428 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66046c74-f483-4cea-a005-1f2c8feff9a3} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 1444 ef1cd50 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 2556
CMD: "C:\Program Files\InfraRecorder\infrarecorder.exe"
Path: C:\Program Files\InfraRecorder\infrarecorder.exe
Parent process: explorer.exe
User: admin
Company: Christian Kindahl
Integrity Level: HIGH
Description: InfraRecorder
Exit code: 0
Version: 0.53.0.0
Modules
Images
c:\program files\infrarecorder\infrarecorder.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 64 021
Read events: 63 286
Write events: 396
Delete events: 339

Modification events

Process: firefox.exe (PID 4052)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value: 63E8174F01000000

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value: 01B4194F01000000

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Installer\308046B0AF4A39CB
Operation: delete value
Name: installer.taskbarpin.win10.enabled
Value:

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value: 0

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value: 1

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value: 1

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableTelemetry
Value: 1

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value: 0

Process: firefox.exe (PID 3656)
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|SetDefaultBrowserUserChoice
Value: 1
Executable files: 20
Suspicious files: 158
Text files: 96
Unknown types: 80

Dropped files

PID
Process
Filename
Type
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
Type: binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
Type: binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
Type: binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\activity-stream.discovery_stream.json.tmp
Type: binary
MD5:10390238BEBB2BAD99D7D80C558ED290
SHA256:CD4A9E553855E23092A90EE86EA0128B5197241E9B49F535141A55A2AE1DA67C
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite-journal
Type: binary
MD5:B21FA6C9AA9D69F95F39CD7ABE134521
SHA256:A6AD5A60D52D6B550AF585EFA734FEEE97D167258E4B316FA81FB7AD85B60098
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\activity-stream.discovery_stream.json
Type: binary
MD5:10390238BEBB2BAD99D7D80C558ED290
SHA256:CD4A9E553855E23092A90EE86EA0128B5197241E9B49F535141A55A2AE1DA67C
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
Type: binary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
Type: binary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\protections.sqlite-journal
Type: binary
MD5:B43C4E837F919BC36AB8046591F4980B
SHA256:FA361094D424626F8B4B3F4F3115E15025A5018411621E1FBCA48D6FA4D35209
PID: 3656
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 99
TCP/UDP connections: 283
DNS requests: 553
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3656
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
text
90 b
unknown
3656
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
text
8 b
unknown
3656
firefox.exe
GET
301
142.250.74.206:80
http://www.youtube.com/iframe_api
unknown
unknown
3656
firefox.exe
POST
200
142.250.184.195:80
http://ocsp.pki.goog/gts1c3
unknown
binary
472 b
unknown
3656
firefox.exe
POST
200
142.250.184.195:80
http://ocsp.pki.goog/gts1c3
unknown
binary
471 b
unknown
3656
firefox.exe
GET
200
139.162.142.193:80
http://infrarecorder.org/
unknown
html
4.90 Kb
unknown
3656
firefox.exe
POST
200
184.24.77.78:80
http://r3.o.lencr.org/
unknown
binary
503 b
unknown
3656
firefox.exe
POST
200
184.24.77.78:80
http://r3.o.lencr.org/
unknown
binary
503 b
unknown
3656
firefox.exe
POST
200
142.250.184.195:80
http://ocsp.pki.goog/gts1c3
unknown
binary
472 b
unknown
3656
firefox.exe
POST
200
184.24.77.78:80
http://r3.o.lencr.org/
unknown
binary
503 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3656
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3656
firefox.exe
34.117.237.239:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
unknown
3656
firefox.exe
142.250.184.195:80
ocsp.pki.goog
GOOGLE
US
whitelisted
3656
firefox.exe
142.250.186.170:443
safebrowsing.googleapis.com
whitelisted
3656
firefox.exe
34.117.188.166:443
spocs.getpocket.com
unknown
3656
firefox.exe
172.217.18.2:443
pagead2.googlesyndication.com
GOOGLE
US
whitelisted
3656
firefox.exe
142.250.74.206:80
www.youtube.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
infrarecorder.org
  • 139.162.142.193
unknown
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.117.237.239
whitelisted
example.org
  • 93.184.216.34
whitelisted
spocs.getpocket.com
  • 34.117.188.166
shared
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
gkegw.prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted
r3.o.lencr.org
  • 184.24.77.78
  • 184.24.77.62
  • 184.24.77.71
  • 184.24.77.70
  • 184.24.77.47
  • 184.24.77.74
  • 184.24.77.65
  • 184.24.77.80
  • 184.24.77.83
  • 184.24.77.54
  • 184.24.77.75
  • 184.24.77.77
  • 184.24.77.48
  • 184.24.77.45
  • 184.24.77.67
  • 184.24.77.53
  • 184.24.77.57
  • 184.24.77.79
shared

Threats

No threats detected
No debug info