URL: https://app.prntscr.com/es/

Full analysis: https://app.any.run/tasks/b86ec44a-ecdf-42c1-90a9-1d9ccc6f75d8
Verdict: Malicious activity
Analysis date: June 23, 2025, 15:14:42
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer, arch-scr
Indicators:
MD5: 22A1091238EC607F6577F0FC09F3AEB5
SHA1: 8F39391F62BAB87DA216DE776FE88D9E1E86E4EA
SHA256: 428B492203F353EBAB327AECC89D6A028408D86D02CEEF0CFFF2A09C5568380E
SSDEEP: 3:N8aB7c:2aB7c

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • setup-lightshot.tmp (PID: 4216)
    • Executing a file with an untrusted certificate

      • setupupdater.exe (PID: 4836)
      • Updater.exe (PID: 3844)
      • Updater.exe (PID: 3924)
      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 760)
      • Updater.exe (PID: 4100)
      • Updater.exe (PID: 3148)
      • Updater.exe (PID: 7824)
      • Updater.exe (PID: 4264)
      • Updater.exe (PID: 1232)
    • Starts NET.EXE for service management

      • net.exe (PID: 2028)
      • setupupdater.tmp (PID: 2808)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • setup-lightshot.exe (PID: 7564)
      • setup-lightshot.exe (PID: 8076)
      • setup-lightshot.tmp (PID: 4216)
      • setupupdater.exe (PID: 4836)
      • setupupdater.tmp (PID: 2808)
    • Reads security settings of Internet Explorer

      • setup-lightshot.tmp (PID: 4544)
      • setup-lightshot.tmp (PID: 4216)
      • setupupdater.tmp (PID: 2808)
      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 1232)
      • Updater.exe (PID: 4100)
    • Reads the Windows owner or organization settings

      • setup-lightshot.tmp (PID: 4216)
      • setupupdater.tmp (PID: 2808)
    • Uses TASKKILL.EXE to kill process

      • setup-lightshot.tmp (PID: 4216)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 5616)
      • firefox.exe (PID: 632)
      • msedge.exe (PID: 1644)
      • msedge.exe (PID: 6756)
      • msedge.exe (PID: 8652)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 5616)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 5616)
    • Creates files in a temporary directory

      • setup-lightshot.exe (PID: 7564)
      • setup-lightshot.exe (PID: 8076)
      • setup-lightshot.tmp (PID: 4216)
      • setupupdater.exe (PID: 4836)
      • setupupdater.tmp (PID: 2808)
    • Launching a file from the Downloads directory

      • firefox.exe (PID: 5616)
    • Checks supported languages

      • setup-lightshot.exe (PID: 7564)
      • setup-lightshot.tmp (PID: 4544)
      • setup-lightshot.exe (PID: 8076)
      • setup-lightshot.tmp (PID: 4216)
      • Lightshot.exe (PID: 3964)
      • Lightshot.exe (PID: 3608)
      • setupupdater.exe (PID: 4836)
      • setupupdater.tmp (PID: 2808)
      • Updater.exe (PID: 3844)
      • Updater.exe (PID: 3924)
      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 760)
      • Updater.exe (PID: 4100)
      • Updater.exe (PID: 3148)
      • Updater.exe (PID: 7824)
      • Updater.exe (PID: 4264)
      • Updater.exe (PID: 1232)
      • identity_helper.exe (PID: 8808)
      • identity_helper.exe (PID: 8200)
    • Reads the computer name

      • setup-lightshot.tmp (PID: 4544)
      • setup-lightshot.tmp (PID: 4216)
      • setupupdater.tmp (PID: 2808)
      • Lightshot.exe (PID: 3608)
      • Updater.exe (PID: 3844)
      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 4100)
      • Updater.exe (PID: 1232)
      • Updater.exe (PID: 7824)
      • identity_helper.exe (PID: 8808)
      • identity_helper.exe (PID: 8200)
    • Process checks computer location settings

      • setup-lightshot.tmp (PID: 4544)
      • setup-lightshot.tmp (PID: 4216)
      • setupupdater.tmp (PID: 2808)
    • Creates files in the program directory

      • setup-lightshot.tmp (PID: 4216)
      • setupupdater.tmp (PID: 2808)
      • Updater.exe (PID: 3800)
    • Launching a file from a Registry key

      • setup-lightshot.tmp (PID: 4216)
    • The sample was compiled with English language support

      • setup-lightshot.tmp (PID: 4216)
    • Creates a software uninstall entry

      • setup-lightshot.tmp (PID: 4216)
    • Reads the machine GUID from the registry

      • Lightshot.exe (PID: 3608)
      • Updater.exe (PID: 4100)
      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 1232)
    • Creates files or folders in the user directory

      • Updater.exe (PID: 3844)
      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 4100)
      • setup-lightshot.tmp (PID: 4216)
      • Updater.exe (PID: 1232)
    • Checks proxy server information

      • Updater.exe (PID: 3800)
      • setup-lightshot.tmp (PID: 4216)
      • Updater.exe (PID: 1232)
      • Updater.exe (PID: 4100)
    • Reads the software policy settings

      • Updater.exe (PID: 3800)
      • Updater.exe (PID: 4100)
      • Updater.exe (PID: 1232)
    • Compiled with Borland Delphi (YARA)

      • setup-lightshot.exe (PID: 7564)
      • setup-lightshot.tmp (PID: 4544)
    • Detects InnoSetup installer (YARA)

      • setup-lightshot.tmp (PID: 4544)
      • setup-lightshot.exe (PID: 7564)
    • Reads Environment values

      • identity_helper.exe (PID: 8200)
      • identity_helper.exe (PID: 8808)
No Malware configuration.
No data.
Screenshots: all screenshots are available in the full report.
Total processes: 207
Monitored processes: 66
Malicious processes: 6
Suspicious processes: 9

Behavior graph

(Interactive graph; click a process in the full report to see its details.) Processes in the graph, in order of first appearance: firefox.exe, setup-lightshot.exe, setup-lightshot.tmp, taskkill.exe, conhost.exe, lightshot.exe, setupupdater.exe, setupupdater.tmp, net.exe, net1.exe, updater.exe, msedge.exe, identity_helper.exe, slui.exe.

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 632
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://app.prntscr.com/es/"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 136.0
Modules (images):
  • c:\program files\mozilla firefox\firefox.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\program files\mozilla firefox\mozglue.dll
  • c:\program files\mozilla firefox\vcruntime140.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\crypt32.dll
  • c:\program files\mozilla firefox\msvcp140.dll
PID: 724
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: taskkill.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\conhost.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\shcore.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\combase.dll
  • c:\windows\system32\rpcrt4.dll
PID: 760
CMD: "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
Path: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Parent process: setupupdater.tmp
User: admin
Company: TODO: <Company name>
Integrity Level: HIGH
Description: TODO: <File description>
Exit code: 0
Version: 1.0.0.1
Modules (images):
  • c:\program files (x86)\skillbrains\updater\updater.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll
PID: 1232
CMD: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
Path: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
Parent process: Updater.exe
User: admin
Integrity Level: HIGH
Description: Updater Module
Exit code: 0
Version: 1.8.0.0
Modules (images):
  • c:\program files (x86)\skillbrains\updater\1.8.0.0\updater.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll
PID: 1480
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2564,i,753825210752480797,17164766714572997071,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
  • c:\windows\system32\rpcrt4.dll
PID: 1644
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://app.prntscr.com/thankyou_desktop.html#install_source=default
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
  • c:\windows\system32\rpcrt4.dll
PID: 2028
CMD: "C:\WINDOWS\system32\net.exe" START SCHEDULE
Path: C:\Windows\SysWOW64\net.exe
Parent process: setupupdater.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 2
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\net.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\msvcrt.dll
PID: 2148
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2120,i,753825210752480797,17164766714572997071,262144 --variations-seed-version --mojo-platform-channel-handle=2804 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
  • c:\windows\system32\rpcrt4.dll
PID: 2320
CMD: C:\WINDOWS\system32\net1 START SCHEDULE
Path: C:\Windows\SysWOW64\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 2
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\net1.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\msvcrt.dll
  • c:\windows\syswow64\sechost.dll
PID: 2808
CMD: "C:\Users\admin\AppData\Local\Temp\is-29ART.tmp\setupupdater.tmp" /SL5="$20364,490430,120832,C:\Users\admin\AppData\Local\Temp\is-K3HJ9.tmp\setupupdater.exe" /verysilent
Path: C:\Users\admin\AppData\Local\Temp\is-29ART.tmp\setupupdater.tmp
Parent process: setupupdater.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
  • c:\users\admin\appdata\local\temp\is-29art.tmp\setupupdater.tmp
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\oleaut32.dll
Total events: 29 577
Read events: 29 490
Write events: 81
Delete events: 6

Modification events

Process: (5616) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

Process: (3608) Lightshot.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Lightshot
Operation: write
Name: Locale
Value: EN

Process: (2808) setupupdater.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: write
Name: Owner
Value: F80A00000AD2B39D51E4DB01

Process: (2808) setupupdater.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: write
Name: SessionHash
Value: CC8A69A9144B08B0BA95392A562AB66B5DD8D0DFA7FD4ED24AABF23D3E9AA384

Process: (2808) setupupdater.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation: write
Name: Sequence
Value: 1

Process: (3608) Lightshot.exe
Key: HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Lightshot
Operation: write
Name: appFirstRun
Value: 0

Process: (4216) setup-lightshot.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Lightshot
Value: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe

Process: (4216) setup-lightshot.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Skillbrains\Lightshot
Operation: write
Name: Locale
Value: EN

Process: (4216) setup-lightshot.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.6.1 (u)

Process: (4216) setup-lightshot.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Skillbrains\lightshot
Executable files: 26
Suspicious files: 213
Text files: 240
Unknown types: 281

Dropped files

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Type:
MD5:
SHA256:

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
Type: binary
MD5: 3134ED3F12E4F4F8643DB90043B0FD7B
SHA256: 26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js
Type: text
MD5: 2FD670934FEF0C60E2119BD874AAF470
SHA256: 771A7C83CA015BDBC6AB86A7BD9B1D54E40062E28942D311A9178A0FE6433CF2

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp
Type: binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\activity-stream.contile.json.tmp
Type: binary
MD5: C35B90B2DB189076987A25053EE0CA15
SHA256: C4CD5D3545EDDF7804135C5AB304320A38CBB6AA1C7A63CA6D040A84EF44710C

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.bin
Type: binary
MD5: 3B2D6B1C8B25B13345BC9AF1B88932A7
SHA256: A8ADCA47474DF4FDE49BCD4C5225CD11D416EFB7749F2FE6F5F8066982E2AC92

PID 5616, firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmp
Type: dbf
MD5: 1476D129ED4859C91C66193FD5750F50
SHA256: D8CC352098B810335DE77E7E3F6A70440B91339560C4E9E179DE3A23252FED04
HTTP(S) requests: 48
TCP/UDP connections: 162
DNS requests: 229
Threats: 7

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
5616 | firefox.exe | POST | 200 | 172.217.16.195:80 | http://o.pki.goog/s/wr3/azY | unknown | whitelisted
5616 | firefox.exe | POST | 200 | 172.217.16.195:80 | http://o.pki.goog/wr2 | unknown | whitelisted
5616 | firefox.exe | POST | 200 | 172.217.16.195:80 | http://o.pki.goog/we2 | unknown | whitelisted
5616 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | whitelisted
5616 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | whitelisted
5616 | firefox.exe | POST | 200 | 172.217.16.195:80 | http://o.pki.goog/s/wr3/k58 | unknown | whitelisted
5616 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | whitelisted
5616 | firefox.exe | POST | 200 | 172.217.16.195:80 | http://o.pki.goog/we2 | unknown | whitelisted
5616 | firefox.exe | POST | 200 | 172.217.16.195:80 | http://o.pki.goog/we2 | unknown | whitelisted
5616 | firefox.exe | POST | 200 | 172.217.16.195:80 | http://o.pki.goog/we2 | unknown | whitelisted
(The Type and Size columns were empty in this export.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
856 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5616 | firefox.exe | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | GOOGLE | US | whitelisted
5616 | firefox.exe | 172.67.36.44:443 | app.prntscr.com | CLOUDFLARENET | US | whitelisted
5616 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted
5616 | firefox.exe | 34.36.137.203:443 | contile.services.mozilla.com | GOOGLE-CLOUD-PLATFORM | US | whitelisted
5616 | firefox.exe | 34.149.100.209:443 | firefox.settings.services.mozilla.com | GOOGLE | US | whitelisted
5616 | firefox.exe | 172.217.16.195:80 | o.pki.goog | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 51.124.78.146 | whitelisted
google.com | 142.250.184.206 | whitelisted
content-signature-2.cdn.mozilla.net | 34.160.144.191 | whitelisted
content-signature-chains.prod.autograph.services.mozaws.net | 34.160.144.191, 2600:1901:0:92a9:: | whitelisted
app.prntscr.com | 172.67.36.44, 104.22.77.209, 104.22.76.209 | whitelisted
detectportal.firefox.com | 34.107.221.82 | whitelisted
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82, 2600:1901:0:38d7:: | whitelisted
contile.services.mozilla.com | 34.36.137.203 | whitelisted
spocs.getpocket.com | 34.36.137.203 | whitelisted
mc.prod.ads.prod.webservices.mozgcp.net | 34.36.137.203 | whitelisted

Threats

PID | Process | Class | Message
| | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
(7 identical entries; PID and Process were empty in this export.)
No debug info