URL: https://www.stremio.com/

Full analysis: https://app.any.run/tasks/da1ee712-1e64-4745-a7b4-4a07d1882a13
Verdict: Malicious activity
Analysis date: June 18, 2025, 14:19:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: arch-scr, github
Indicators:
MD5: C48A7E7632695FEE04409139E42217C8
SHA1: 708CD71205301F6D59FAFE7800446C8381B946C7
SHA256: 7058A6D48706C9D7887C5FF54CE4307001F78022797F09B43ACEFC30538AF3C8
SSDEEP: 3:N8DSLLG:2OLLG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Stremio+4.4.168.exe (PID: 8156)
    • Process drops legitimate windows executable

      • Stremio+4.4.168.exe (PID: 8156)
    • There is functionality for taking screenshot (YARA)

      • Stremio+4.4.168.exe (PID: 8156)
      • stremio.exe (PID: 7400)
      • QtWebEngineProcess.exe (PID: 7564)
      • QtWebEngineProcess.exe (PID: 4020)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Stremio+4.4.168.exe (PID: 8156)
    • The process drops C-runtime libraries

      • Stremio+4.4.168.exe (PID: 8156)
    • Creates a software uninstall entry

      • Stremio+4.4.168.exe (PID: 8156)
    • Detected use of alternative data streams (AltDS)

      • stremio.exe (PID: 7400)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 5140)
      • cmd.exe (PID: 1704)
      • cmd.exe (PID: 2168)
    • Uses WMIC.EXE to obtain local storage devices information

      • cmd.exe (PID: 6408)
      • cmd.exe (PID: 4196)
    • Starts CMD.EXE for commands execution

      • stremio-runtime.exe (PID: 7216)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 3756)
      • firefox.exe (PID: 3752)
      • msedge.exe (PID: 4324)
      • msedge.exe (PID: 7280)
      • msedge.exe (PID: 1040)
      • msedge.exe (PID: 8808)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 3756)
    • The sample was compiled with English language support

      • firefox.exe (PID: 3756)
      • Stremio+4.4.168.exe (PID: 8156)
    • Checks supported languages

      • Stremio+4.4.168.exe (PID: 8156)
      • QtWebEngineProcess.exe (PID: 4020)
      • stremio-runtime.exe (PID: 7216)
      • stremio.exe (PID: 7400)
      • ffmpeg.exe (PID: 6004)
      • ffmpeg.exe (PID: 7028)
      • ffmpeg.exe (PID: 7524)
    • Launching a file from the Downloads directory

      • firefox.exe (PID: 3756)
    • Creates files or folders in the user directory

      • Stremio+4.4.168.exe (PID: 8156)
      • QtWebEngineProcess.exe (PID: 4020)
      • stremio.exe (PID: 7400)
      • stremio-runtime.exe (PID: 7216)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 3756)
    • Reads the computer name

      • Stremio+4.4.168.exe (PID: 8156)
      • stremio-runtime.exe (PID: 7216)
      • stremio.exe (PID: 7400)
    • Reads the machine GUID from the registry

      • QtWebEngineProcess.exe (PID: 4020)
    • Creates files in a temporary directory

      • Stremio+4.4.168.exe (PID: 8156)
    • Checks proxy server information

      • slui.exe (PID: 4888)
      • QtWebEngineProcess.exe (PID: 4020)
      • stremio.exe (PID: 7400)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 3948)
    • Reads CPU info

      • stremio-runtime.exe (PID: 7216)
    • Reads the software policy settings

      • QtWebEngineProcess.exe (PID: 4020)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 224
Monitored processes: 76
Malicious processes: 2
Suspicious processes: 3

Behavior graph

(Interactive graph available in the full report. Its node labels list the process chain: firefox.exe, stremio+4.4.168.exe, slui.exe, stremio.exe, stremio-runtime.exe, conhost.exe, qtwebengineprocess.exe, ffprobe.exe, ffmpeg.exe, cmd.exe, taskkill.exe, wmic.exe, msedge.exe, identity_helper.exe, svchost.exe.)

Process information (columns: PID, CMD, Path, Indicators, Parent process)
PID: 592
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3188 -prefsLen 31090 -prefMapHandle 3192 -prefMapSize 272997 -jsInitHandle 3196 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 3204 -initialChannelId {04b03ec4-576f-44af-b5fa-2a1e1452dffe} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll
PID: 756
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2208,i,12301311109230572845,12858654568437690453,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1040
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.stremio.com/warning#https%3A%2F%2Fplay.max.com%2Fvideo%2Fwatch%2Fdae9e532-3714-4f2e-b758-fb9a13def902%3Futm_source%3Duniversal_search
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: stremio.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1296
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 1888 -prefsLen 36520 -prefMapHandle 1892 -prefMapSize 272997 -ipcHandle 1952 -initialChannelId {9722c0b1-6f47-49ff-b03d-5f9573f9c0b3} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
PID: 1560
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4788 -prefsLen 44957 -prefMapHandle 4792 -prefMapSize 272997 -jsInitHandle 4796 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4764 -initialChannelId {e002d5b8-b32a-44ff-9db6-d5305dcc3d4c} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1568
CMD: wmic logicaldisk where drivetype=3 get caption,size,freespace
Path: C:\Windows\SysWOW64\wbem\WMIC.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1576
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4852,i,11855325126477122095,17060189562772193368,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1580
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3680,i,12301311109230572845,12858654568437690453,262144 --variations-seed-version --mojo-platform-channel-handle=1496 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1704
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "taskkill /pid 7028 /T /F"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: stremio-runtime.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1760
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 2112 -prefsLen 36520 -prefMapHandle 2116 -prefMapSize 272997 -ipcHandle 2124 -initialChannelId {5984d5c5-bb62-46cb-a9ca-1a073bb57200} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events: 45 707
Read events: 45 646
Write events: 61
Delete events: 0

Modification events

PID 3756, firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: EstimatedSize
Value: 370119

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: DisplayName
Value: Stremio

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: DisplayVersion
Value: 4.4.168

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: Publisher
Value: Smart Code Ltd

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: UninstallString
Value: C:\Users\admin\AppData\Local\Programs\LNV\Stremio-4\Uninstall.exe

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: InstallString
Value: C:\Users\admin\AppData\Local\Programs\LNV\Stremio-4

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: URLInfoAbout
Value: https://www.stremio.com

PID 8156, Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: NoModify
Value: 1
Executable files: 124
Suspicious files: 769
Text files: 863
Unknown types: 292

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite | | |
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json | binary | EA8B62857DFDBD3D0BE7D7E4A954EC9A | 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm | binary | B7C14EC6110FA820CA6B65F5AEC85911 | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm | binary | B7C14EC6110FA820CA6B65F5AEC85911 | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp | binary | EA8B62857DFDBD3D0BE7D7E4A954EC9A | 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3756 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin | binary | 3134ED3F12E4F4F8643DB90043B0FD7B | 26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmp | dbf | 60C7BC55E67F7809EA3E676699B04486 | 4C17E9CCC742C84E21B054E4969EEC00E4DB43CE439E44B52DD5CEAA22ACC88D
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm | binary | B7C14EC6110FA820CA6B65F5AEC85911 | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm | binary | B7C14EC6110FA820CA6B65F5AEC85911 | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3756 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\activity-stream.contile.json.tmp | binary | 38347117111DECBD14FD4A764FBE03C1 | CAB9100CBD7D95ED254DA7D20E2AA483C1511035CB8EA09CC64A3938506CB5DE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 86
TCP/UDP connections: 359
DNS requests: 414
Threats: 31

HTTP requests

PID | Process | Method | HTTP code | IP | URL | Type | Reputation
3756 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://o.pki.goog/we2 | unknown | whitelisted
3756 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://o.pki.goog/we2 | unknown | whitelisted
3756 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://o.pki.goog/we2 | unknown | whitelisted
3756 | firefox.exe | GET | | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | whitelisted
3756 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://o.pki.goog/we2 | unknown | whitelisted
3756 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://o.pki.goog/s/wr3/FIY | unknown | whitelisted
3756 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://o.pki.goog/we2 | unknown | whitelisted
3756 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | whitelisted
3756 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | whitelisted
3756 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://o.pki.goog/we2 | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
420 | RUXIMICS.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
3756 | firefox.exe | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | GOOGLE | US | whitelisted
3756 | firefox.exe | 104.16.203.97:443 | www.stremio.com | CLOUDFLARENET | | whitelisted
3756 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted
3756 | firefox.exe | 34.36.137.203:443 | contile.services.mozilla.com | GOOGLE-CLOUD-PLATFORM | US | whitelisted
3756 | firefox.exe | 34.149.100.209:443 | firefox.settings.services.mozilla.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
content-signature-2.cdn.mozilla.net | 34.160.144.191 | whitelisted
content-signature-chains.prod.autograph.services.mozaws.net | 34.160.144.191, 2600:1901:0:92a9:: | whitelisted
www.stremio.com | 104.16.203.97, 104.16.204.97, 2606:4700::6810:cb61, 2606:4700::6810:cc61 | whitelisted
detectportal.firefox.com | 34.107.221.82 | whitelisted
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82, 2600:1901:0:38d7:: | whitelisted
contile.services.mozilla.com | 34.36.137.203 | whitelisted
spocs.getpocket.com | 34.36.137.203 | whitelisted
mc.prod.ads.prod.webservices.mozgcp.net | 34.36.137.203 | whitelisted
example.org | 96.7.128.192, 23.215.0.132, 23.215.0.133, 96.7.128.186 | whitelisted
ipv4only.arpa | 192.0.0.170, 192.0.0.171 | whitelisted

Threats

PID | Process | Class | Message
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
756 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
756 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
756 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
756 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Debug output

Process | Message
stremio.exe | WebEngineContext used before QtWebEngine::initialize() or OpenGL context creation failed.
stremio.exe | qml: Loading web UI from URL: https://app.strem.io/shell-v4.4/#?loginFlow=desktop
stremio.exe | qml: Stremio Shell version: 4.4.168
stremio.exe | qml: **** Completed. Loading Autoupdater ***
stremio.exe | qml: Auto-updater: checking for new version
stremio.exe | qml: Auto-updater: up to date
stremio.exe | js: A cookie associated with a cross-site resource at http://bit.ly/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.