URL:

www.local.laurenduterrail.com

Full analysis: https://app.any.run/tasks/298f0dd4-85d9-4f7c-8783-6a4cc93f2dc8
Verdict: Malicious activity
Analysis date: February 25, 2026, 19:49:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
etherhiding
Indicators:
MD5:

B360CB4F4067E41C30219B4FD7281AFB

SHA1:

C638333617433CD8DEC04D2808860D6836BEBF72

SHA256:

5ECAEAD599C333A82E33A6787CBFCE178376B902F71DA2A678FE875542AEC02C

SSDEEP:

3:EgFLQaETyTn:hFLpTn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ETHERHIDING has been detected (SURICATA)

      • firefox.exe (PID: 8344)
  • SUSPICIOUS

    • Checks for external IP

      • svchost.exe (PID: 2292)
  • INFO

    • Drops script file

      • firefox.exe (PID: 8344)
    • Application launched itself

      • firefox.exe (PID: 7992)
      • firefox.exe (PID: 8344)
    • Manual execution by a user

      • notepad.exe (PID: 4696)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
162
Monitored processes
16
Malicious processes
1
Suspicious processes
1

Behavior graph

start → firefox.exe (no specs)
  └─ firefox.exe #ETHERHIDING
       └─ firefox.exe (no specs) × 12 content processes
svchost.exe
notepad.exe (no specs)
slui.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
756
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 3420 -prefsLen 37207 -prefMapHandle 3424 -prefMapSize 272981 -ipcHandle 3432 -initialChannelId {3564d22c-bcd1-4586-a52b-c4d571606043} -parentPid 8344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8344" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
PID:
1172
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1176
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4792 -prefsLen 39330 -prefMapHandle 2512 -prefMapSize 272981 -jsInitHandle 2332 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4940 -initialChannelId {338b219f-4ab0-4e80-ac47-c1db9541c8cc} -parentPid 8344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
PID:
1836
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4792 -prefsLen 39330 -prefMapHandle 2720 -prefMapSize 272981 -jsInitHandle 2724 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4692 -initialChannelId {60c7b3d6-800f-47a0-8f59-b57095534da9} -parentPid 8344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID:
1868
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -sandboxingKind 0 -prefsHandle 4616 -prefsLen 45267 -prefMapHandle 4600 -prefMapSize 272981 -ipcHandle 2836 -initialChannelId {4c04a027-2494-4803-a222-65f8ea575ac7} -parentPid 8344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
PID:
2292
CMD:
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID:
4196
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5200 -prefsLen 39330 -prefMapHandle 5204 -prefMapSize 272981 -jsInitHandle 5208 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5092 -initialChannelId {2f7283c3-e07c-4ced-97e5-b63966d19710} -parentPid 8344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
PID:
4292
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3284 -prefsLen 31275 -prefMapHandle 3288 -prefMapSize 272981 -jsInitHandle 3292 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 3300 -initialChannelId {03029502-41d0-4021-8c46-1030a7729c8a} -parentPid 8344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
PID:
4696
CMD:
"C:\WINDOWS\system32\notepad.exe"
Path:
C:\Windows\System32\notepad.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID:
6240
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4824 -prefsLen 39330 -prefMapHandle 4968 -prefMapSize 272981 -jsInitHandle 4808 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 2700 -initialChannelId {c72ef119-b02c-436c-8f32-1a96bda8d9f8} -parentPid 8344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140_1.dll
Total events
386
Read events
386
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
193
Text files
33
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
Type:
binary
MD5:
B7C14EC6110FA820CA6B65F5AEC85911
SHA256:
FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js
Type:
text
MD5:
0B1BB6B39621B20C5425BA1F277DCC7D
SHA256:
9C4E429E7C02CC9E7AED1A2A4A60B0458C2BE1782D72AC0667FC3CA09DCFE132
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
Type:
binary
MD5:
B7C14EC6110FA820CA6B65F5AEC85911
SHA256:
FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
Type:
text
MD5:
0B1BB6B39621B20C5425BA1F277DCC7D
SHA256:
9C4E429E7C02CC9E7AED1A2A4A60B0458C2BE1782D72AC0667FC3CA09DCFE132
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
Type:
binary
MD5:
B7C14EC6110FA820CA6B65F5AEC85911
SHA256:
FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
Type:
binary
MD5:
3134ED3F12E4F4F8643DB90043B0FD7B
SHA256:
26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json
Type:
text
MD5:
EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:
792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\activity-stream.discovery_stream.json.tmp
Type:
text
MD5:
E0448749FC5B01D29915F13E61A0F0EC
SHA256:
D9E330A091EEBA82F3C895A3E897E934B34B3F8372C1CF50B8E1E9CA6FED0609
PID:
8344
Process:
firefox.exe
Filename:
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\activity-stream.contile.json.tmp
Type:
text
MD5:
E37FD1D1C58EE5C8C6C7D47C05F3722F
SHA256:
1A992426B758CB58E55702982441E4FA53C528EE61682349D498D49F7B698B52
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
191
TCP/UDP connections
80
DNS requests
111
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
8344
firefox.exe
GET
101
34.107.243.93:443
https://push.services.mozilla.com/
US
unknown
8344
firefox.exe
GET
301
109.234.165.184:80
http://www.local.laurenduterrail.com/
FR
binary
1 b
unknown
8344
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
unknown
8344
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
unknown
8344
firefox.exe
GET
200
151.101.65.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=url-parser-default-unknown-schemes-interventions&bucket=main&_expected=0
US
text
274 b
unknown
8344
firefox.exe
GET
200
151.101.65.91:443
https://firefox.settings.services.mozilla.com/v1/
US
text
1.20 Kb
unknown
8344
firefox.exe
GET
200
151.101.65.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=hijack-blocklists&bucket=main&_expected=0
US
text
243 b
unknown
8344
firefox.exe
GET
200
151.101.65.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/url-parser-default-unknown-schemes-interventions/changeset?_expected=1743513175300&_since=%221726769128879%22
US
text
1.76 Kb
unknown
8344
firefox.exe
GET
200
151.101.65.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
US
text
1.68 Kb
unknown
8344
firefox.exe
GET
200
151.101.65.91:443
https://contile.services.mozilla.com/v1/tiles
US
text
5.01 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
8568
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
876
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
8344
firefox.exe
151.101.65.91:443
firefox.settings.services.mozilla.com
FASTLY
US
whitelisted
8344
firefox.exe
109.234.165.184:80
www.local.laurenduterrail.com
O2SWITCH
FR
unknown
8344
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
8344
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE-CLOUD-PLATFORM
US
whitelisted
8344
firefox.exe
172.217.168.74:443
safebrowsing.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.201.174
whitelisted
firefox.settings.services.mozilla.com
  • 151.101.65.91
  • 151.101.193.91
  • 151.101.1.91
  • 151.101.129.91
whitelisted
mozilla.map.fastly.net
  • 151.101.65.91
  • 151.101.193.91
  • 151.101.1.91
  • 151.101.129.91
  • 2a04:4e42:200::347
  • 2a04:4e42:400::347
  • 2a04:4e42::347
  • 2a04:4e42:600::347
whitelisted
www.local.laurenduterrail.com
  • 109.234.165.184
unknown
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.1.91
  • 151.101.193.91
whitelisted
spocs.getpocket.com
  • 151.101.65.91
  • 151.101.1.91
  • 151.101.193.91
  • 151.101.129.91
whitelisted
example.org
  • 104.18.2.24
  • 104.18.3.24
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted

Threats

PID
Process
Class
Message
2292
svchost.exe
A Network Trojan was detected
MALWARE [ANY.RUN] Suspected Domain Associated with Malware Distribution (security-malware .com)
2292
svchost.exe
Misc activity
ET INFO Observed DNS Query to Blockchain RPC Domain (rpc-mainnet .matic .quiknode .pro)
2292
svchost.exe
Misc activity
ET INFO Observed DNS Query to Blockchain RPC Domain (rpc-mainnet .matic .quiknode .pro)
2292
svchost.exe
Misc activity
ET INFO Observed DNS Query to Blockchain RPC Domain (rpc-mainnet .matic .quiknode .pro)
8344
firefox.exe
Misc activity
ET INFO Observed Blockchain RPC Domain (rpc-mainnet .matic .quiknode .pro in TLS SNI)
8344
firefox.exe
Misc activity
ET INFO Observed Blockchain RPC Domain (rpc-mainnet .matic .quiknode .pro in TLS SNI)
8344
firefox.exe
Misc activity
INFO [ANY.RUN] Connection to IP from commonly abused ASN (AS214943 RAILNET)
2292
svchost.exe
Potentially Bad Traffic
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
2292
svchost.exe
Potentially Bad Traffic
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
2292
svchost.exe
Potentially Bad Traffic
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
No debug info
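Triage note on the Threats table above. The EtherHiding technique keeps the next-stage payload or its configuration in a smart contract, and the injected page script reads it through a public blockchain RPC endpoint; that is why the only network signals here are DNS queries and a TLS SNI for rpc-mainnet.matic.quiknode.pro (a Polygon RPC provider) plus an external IP lookup (ipwho.is), while the HTTP table shows nothing beyond the 301 from www.local.laurenduterrail.com. Two caveats for anyone reproducing the detection: the ET INFO rules are informational on their own (legitimate dapps query the same providers), so the malicious verdict rests on the ANY.RUN ETHERHIDING signature correlating them; and the DNS alerts are attributed to svchost.exe PID 2292 because that is the Dnscache service resolving on behalf of Firefox (PID 8344, which carries the SNI alerts), so correlation has to be by time, not by PID. The script below is an added example for this page, not ANY.RUN or Suricata code: it replays a constructed DNS log built from the query names this report lists and flags the sequence "unknown domain, then blockchain RPC lookups, then external IP lookup" inside a short window. The log line format, the suffix lists beyond quiknode.pro and ipwho.is, and every function name are assumptions.

```python
"""DNS-query triage for the EtherHiding pattern shown in this report.

Added example, not ANY.RUN or Suricata code. The log line format, the
suffix lists and the function names are assumptions; the query names and
the PID 2292 (Dnscache svchost) come from the report. Stdlib only.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Illustrative suffix lists (assumption): a real deployment would load the
# ET INFO "Blockchain RPC Domain" / "External IP Lookup Domain" sets.
BLOCKCHAIN_RPC_SUFFIXES = ("quiknode.pro", "infura.io", "alchemy.com", "publicnode.com")
EXTERNAL_IP_LOOKUP_SUFFIXES = ("ipwho.is", "ipify.org", "ip-api.com", "ipinfo.io")
BROWSER_TELEMETRY_SUFFIXES = (
    "mozilla.com", "mozilla.net", "firefox.com", "getpocket.com", "googleapis.com",
)

# Assumed log format: "<epoch-seconds> pid=<n> proc=<image> q=<qname>"
LOG_RE = re.compile(r"^(?P<ts>\d+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) q=(?P<qname>\S+)$")

# Constructed sample. Every query carries the Dnscache PID, as a network
# sensor sees it; a Sysmon-style source would name the originating process.
SAMPLE_LOG = """\
1000 pid=2292 proc=svchost.exe q=www.local.laurenduterrail.com
1001 pid=2292 proc=svchost.exe q=firefox.settings.services.mozilla.com
1002 pid=2292 proc=svchost.exe q=security-malware.com
1003 pid=2292 proc=svchost.exe q=rpc-mainnet.matic.quiknode.pro
1004 pid=2292 proc=svchost.exe q=rpc-mainnet.matic.quiknode.pro
1006 pid=2292 proc=svchost.exe q=ipwho.is
1300 pid=2292 proc=svchost.exe q=settings-win.data.microsoft.com
"""


@dataclass(frozen=True)
class DnsEvent:
    ts: int
    pid: int
    proc: str
    qname: str
    category: str


def _has_suffix(name: str, suffixes: tuple[str, ...]) -> bool:
    # Exact match or a proper subdomain; "notquiknode.pro" must not match.
    return any(name == s or name.endswith("." + s) for s in suffixes)


def classify(qname: str) -> str:
    name = qname.lower().rstrip(".")
    if _has_suffix(name, BLOCKCHAIN_RPC_SUFFIXES):
        return "blockchain_rpc"
    if _has_suffix(name, EXTERNAL_IP_LOOKUP_SUFFIXES):
        return "ip_lookup"
    if _has_suffix(name, BROWSER_TELEMETRY_SUFFIXES):
        return "browser_telemetry"
    return "other"


def parse_dns_log(text: str) -> list[DnsEvent]:
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:  # lines in any other format are skipped
            events.append(DnsEvent(int(m["ts"]), int(m["pid"]), m["proc"],
                                   m["qname"], classify(m["qname"])))
    return events


def find_etherhiding_chains(events: list[DnsEvent], window: int = 60) -> list[dict]:
    """Flag every non-allowlisted domain that is followed within `window`
    seconds by a blockchain RPC lookup; an IP-lookup domain in the same
    window raises the score. Correlation is by time, never by PID."""
    chains = []
    ordered = sorted(events, key=lambda e: e.ts)
    for i, trigger in enumerate(ordered):
        if trigger.category != "other":
            continue
        follow = [f for f in ordered[i + 1:] if f.ts - trigger.ts <= window]
        rpc_hits = [f for f in follow if f.category == "blockchain_rpc"]
        if not rpc_hits:
            continue
        ip_hits = sorted({f.qname for f in follow if f.category == "ip_lookup"})
        chains.append({
            "trigger": trigger.qname,
            "trigger_pid": trigger.pid,
            "rpc_domains": sorted({f.qname for f in rpc_hits}),
            "rpc_query_count": len(rpc_hits),
            "ip_lookup": ip_hits,
            "score": 2 + (1 if ip_hits else 0),
        })
    return chains


if __name__ == "__main__":
    for chain in find_etherhiding_chains(parse_dns_log(SAMPLE_LOG)):
        print(f"score={chain['score']} trigger={chain['trigger']} "
              f"rpc={chain['rpc_domains']} ip_lookup={chain['ip_lookup']}")
```

On the sample, both www.local.laurenduterrail.com (the visited site) and security-malware.com (the domain ANY.RUN's own rule flagged) come out as triggers with score 3; the first visited one is the landing page and the second is the injected script's host, which is the usual EtherHiding layout and the reason the window should cover the whole page load rather than a single query. Shrinking the window is the knob to tune: too tight and only the domain immediately before the RPC query is kept.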