URL:

https://www.stremio.com/

Full analysis: https://app.any.run/tasks/da1ee712-1e64-4745-a7b4-4a07d1882a13
Verdict: Malicious activity
Analysis date: June 18, 2025, 14:19:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-scr
github
Indicators:
MD5:

C48A7E7632695FEE04409139E42217C8

SHA1:

708CD71205301F6D59FAFE7800446C8381B946C7

SHA256:

7058A6D48706C9D7887C5FF54CE4307001F78022797F09B43ACEFC30538AF3C8

SSDEEP:

3:N8DSLLG:2OLLG
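The digests above are the report's indicators for the submitted object. As an added check that is not part of the ANY.RUN report, the Python below recomputes MD5/SHA-1/SHA-256 of a file or byte string in one pass and compares them case-insensitively with the listed values, and it applies ssdeep's first-pass block-size rule (start at 3, double until blocksize × 64 covers the input) to the listed fuzzy hash. A block size of 3 means ssdeep's first pass covered at most 192 bytes, which is consistent with the 24-byte URL string the task was submitted as and not with a multi-hundred-megabyte installer (the uninstall entry later in the report records EstimatedSize 370119 KB), so these digests should be compared against the downloaded Stremio+4.4.168.exe before being used as file indicators. REPORTED, SSDEEP_REPORTED and SUBMITTED_URL are copied from this page; MIN_BLOCKSIZE and SPAMSUM_LENGTH are ssdeep's documented defaults; the step-down ssdeep performs when a signature comes out short is deliberately not modelled.

```python
"""Verify a local object against the digests listed under "Indicators" and sanity-check
the listed ssdeep signature against the object's size.

Added example, not part of the ANY.RUN report. REPORTED, SSDEEP_REPORTED and SUBMITTED_URL
are copied from the page; MIN_BLOCKSIZE and SPAMSUM_LENGTH are ssdeep's documented defaults.
"""
import hashlib

REPORTED = {
    "md5": "C48A7E7632695FEE04409139E42217C8",
    "sha1": "708CD71205301F6D59FAFE7800446C8381B946C7",
    "sha256": "7058A6D48706C9D7887C5FF54CE4307001F78022797F09B43ACEFC30538AF3C8",
}
SSDEEP_REPORTED = "3:N8DSLLG:2OLLG"
SUBMITTED_URL = "https://www.stremio.com/"   # the object the task was submitted as

MIN_BLOCKSIZE = 3      # ssdeep starts here and doubles
SPAMSUM_LENGTH = 64    # maximum signature length per block size


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of an in-memory object, lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def digests_of_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same three digests of a file, computed in a single pass so a large installer is read once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, reported: dict = REPORTED) -> dict:
    """Per-algorithm match, ignoring the upper-case hex the report uses."""
    return {name: actual[name].lower() == reported[name].lower() for name in reported}


def ssdeep_block_size(signature: str) -> int:
    """The leading field of 'blocksize:hash1:hash2'."""
    return int(signature.split(":", 1)[0])


def ssdeep_first_pass_block_size(length: int) -> int:
    """Block size ssdeep picks before hashing: the smallest 3*2^k with blocksize*64 >= length.
    ssdeep may step one size down afterwards if the signature comes out short, so treat a
    mismatch as a strong hint rather than proof."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < length:
        bs *= 2
    return bs


def ssdeep_consistent_with_size(signature: str, length: int) -> bool:
    """True when the signature's block size is the one ssdeep would start with for `length` bytes."""
    return ssdeep_block_size(signature) == ssdeep_first_pass_block_size(length)


if __name__ == "__main__":
    url_bytes = SUBMITTED_URL.encode()
    print("URL string matches listed digests:", compare(digests(url_bytes)))
    print("ssdeep block size fits the URL string:",
          ssdeep_consistent_with_size(SSDEEP_REPORTED, len(url_bytes)))
    print("ssdeep block size fits a 370119 KB installer:",
          ssdeep_consistent_with_size(SSDEEP_REPORTED, 370119 * 1024))
```

To check the real installer, call digests_of_file on the downloaded Stremio+4.4.168.exe and pass the result to compare; the size functions show why the block size 3 of the listed ssdeep cannot belong to that file.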

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Stremio+4.4.168.exe (PID: 8156)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Stremio+4.4.168.exe (PID: 8156)
    • The process drops C-runtime libraries

      • Stremio+4.4.168.exe (PID: 8156)
    • Process drops legitimate windows executable

      • Stremio+4.4.168.exe (PID: 8156)
    • There is functionality for taking screenshot (YARA)

      • Stremio+4.4.168.exe (PID: 8156)
      • stremio.exe (PID: 7400)
      • QtWebEngineProcess.exe (PID: 4020)
      • QtWebEngineProcess.exe (PID: 7564)
    • Creates a software uninstall entry

      • Stremio+4.4.168.exe (PID: 8156)
    • Detected use of alternative data streams (AltDS)

      • stremio.exe (PID: 7400)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 2168)
      • cmd.exe (PID: 5140)
      • cmd.exe (PID: 1704)
    • Starts CMD.EXE for commands execution

      • stremio-runtime.exe (PID: 7216)
    • Uses WMIC.EXE to obtain local storage devices information

      • cmd.exe (PID: 6408)
      • cmd.exe (PID: 4196)
  • INFO

    • Application launched itself

      • firefox.exe (PID: 3752)
      • firefox.exe (PID: 3756)
      • msedge.exe (PID: 4324)
      • msedge.exe (PID: 1040)
      • msedge.exe (PID: 7280)
      • msedge.exe (PID: 8808)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 3756)
    • Launching a file from the Downloads directory

      • firefox.exe (PID: 3756)
    • The sample compiled with english language support

      • Stremio+4.4.168.exe (PID: 8156)
      • firefox.exe (PID: 3756)
    • Creates files or folders in the user directory

      • Stremio+4.4.168.exe (PID: 8156)
      • QtWebEngineProcess.exe (PID: 4020)
      • stremio.exe (PID: 7400)
      • stremio-runtime.exe (PID: 7216)
    • Checks supported languages

      • Stremio+4.4.168.exe (PID: 8156)
      • stremio.exe (PID: 7400)
      • QtWebEngineProcess.exe (PID: 4020)
      • stremio-runtime.exe (PID: 7216)
      • ffmpeg.exe (PID: 6004)
      • ffmpeg.exe (PID: 7524)
      • ffmpeg.exe (PID: 7028)
    • Reads the computer name

      • Stremio+4.4.168.exe (PID: 8156)
      • stremio.exe (PID: 7400)
      • stremio-runtime.exe (PID: 7216)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 3756)
    • Create files in a temporary directory

      • Stremio+4.4.168.exe (PID: 8156)
    • Reads the machine GUID from the registry

      • QtWebEngineProcess.exe (PID: 4020)
    • Reads the software policy settings

      • QtWebEngineProcess.exe (PID: 4020)
    • Checks proxy server information

      • QtWebEngineProcess.exe (PID: 4020)
      • slui.exe (PID: 4888)
      • stremio.exe (PID: 7400)
    • Reads CPU info

      • stremio-runtime.exe (PID: 7216)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 3948)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
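Added example, not ANY.RUN's detection logic: the Python below rebuilds the cmd/taskkill, WMIC and "System.dll in Temp" signatures listed above from process-creation and file-write records, attributing each hit the way the report does (to the process that spawned the tool, or to the writer of the file), prints the ancestry chain of any hit, and resolves the PID each taskkill targets. The PIDs and command lines are the ones shown in this report; the taskkill.exe PID (9001), the parent link from cmd.exe 6408 to WMIC.exe 1568, the System.dll path and every command line marked "assumed" are placeholders not present on the page. On these records the forced kill targets PID 7028, which the report lists as ffmpeg.exe, i.e. the shell's own transcoder child rather than a security product; that is the context a triager wants next to a "Uses TASKKILL.EXE" hit.

```python
"""Re-derive this report's process-based signature hits from process and file-drop records.

Added example, not ANY.RUN's code. The records are transcribed from the report's process
table and signature list; fields marked "assumed" are not shown on the page.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # image file name as the report prints it
    cmdline: str
    ppid: int       # parent PID; 0 when the report does not show one


@dataclass(frozen=True)
class Drop:
    pid: int        # PID of the process that wrote the file
    path: str


PROCS = [
    Proc(3756, "firefox.exe", r'"C:\Program Files\Mozilla Firefox\firefox.exe"', 0),               # cmdline assumed
    Proc(8156, "Stremio+4.4.168.exe", r'"C:\Users\admin\Downloads\Stremio+4.4.168.exe"', 3756),   # cmdline assumed
    Proc(7400, "stremio.exe", "stremio.exe", 8156),                                                # cmdline and parent assumed
    Proc(7216, "stremio-runtime.exe", "stremio-runtime.exe", 7400),                                # cmdline and parent assumed
    Proc(7028, "ffmpeg.exe", "ffmpeg.exe", 7216),                                                  # cmdline and parent assumed
    Proc(1704, "cmd.exe", r'C:\WINDOWS\system32\cmd.exe /d /s /c "taskkill /pid 7028 /T /F"', 7216),
    Proc(9001, "taskkill.exe", "taskkill /pid 7028 /T /F", 1704),                                  # PID assumed
    Proc(6408, "cmd.exe", "cmd.exe", 7216),                                                        # cmdline assumed
    Proc(1568, "WMIC.exe", "wmic logicaldisk where drivetype=3 get caption,size,freespace", 6408), # parent PID assumed
    Proc(1040, "msedge.exe", r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
               r'--single-argument https://www.stremio.com/warning#https%3A%2F%2Fplay.max.com%2Fvideo%2Fwatch%2F'
               r'dae9e532-3714-4f2e-b758-fb9a13def902%3Futm_source%3Duniversal_search', 7400),
]
DROPS = [
    Drop(8156, r"C:\Users\admin\AppData\Local\Temp\nsa1B2C.tmp\System.dll"),  # path assumed; the report only says "System.dll in Temp"
]

TASKKILL_RE = re.compile(r"\btaskkill\b(?=.*\s/f\b)", re.I)    # taskkill with a forced (/F) kill
WMIC_DISK_RE = re.compile(r"\bwmic\b.*\blogicaldisk\b", re.I)  # local storage enumeration
PID_ARG_RE = re.compile(r"/pid\s+(\d+)", re.I)


def _by_pid(procs):
    return {p.pid: p for p in procs}


def ancestry(pid: int, procs) -> str:
    """Root-to-leaf chain such as 'stremio-runtime.exe(7216) > cmd.exe(1704) > taskkill.exe(9001)'."""
    by = _by_pid(procs)
    chain, seen = [], set()
    while pid in by and pid not in seen:
        seen.add(pid)
        p = by[pid]
        chain.append(f"{p.image}({p.pid})")
        pid = p.ppid
    return " > ".join(reversed(chain))


def signatures(procs, drops) -> dict:
    """Signature name -> ordered, de-duplicated list of (image, pid), attributed as the report does:
    cmd.exe for a taskkill it runs, the spawner of cmd.exe/WMIC.exe, and the writer of a dropped file."""
    by = _by_pid(procs)
    hits: dict = {}

    def add(name, p):
        entries = hits.setdefault(name, [])
        if (p.image, p.pid) not in entries:
            entries.append((p.image, p.pid))

    for p in procs:
        image = p.image.lower()
        parent = by.get(p.ppid)
        if image == "cmd.exe" and TASKKILL_RE.search(p.cmdline):
            add("Uses TASKKILL.EXE to kill process", p)
        if image == "wmic.exe" and WMIC_DISK_RE.search(p.cmdline) and parent:
            add("Uses WMIC.EXE to obtain local storage devices information", parent)
        if image == "cmd.exe" and parent:
            add("Starts CMD.EXE for commands execution", parent)
    for d in drops:
        parts = d.path.lower().split("\\")
        if "temp" in parts and parts[-1] == "system.dll" and d.pid in by:
            add('Malware-specific behavior (creating "System.dll" in Temp)', by[d.pid])
    return hits


def taskkill_targets(procs) -> dict:
    """PID of each taskkill command line -> (image, pid) of the process it targets, per the records."""
    by = _by_pid(procs)
    out = {}
    for p in procs:
        m = PID_ARG_RE.search(p.cmdline) if TASKKILL_RE.search(p.cmdline) else None
        if m:
            target = by.get(int(m.group(1)))
            out[p.pid] = (target.image, target.pid) if target else (None, int(m.group(1)))
    return out


if __name__ == "__main__":
    for name, entries in signatures(PROCS, DROPS).items():
        print(name)
        for image, pid in entries:
            print(f"  {image} (PID: {pid})  via  {ancestry(pid, PROCS)}")
    print("taskkill targets:", taskkill_targets(PROCS))
```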
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
224
Monitored processes
76
Malicious processes
2
Suspicious processes
3

Behavior graph

Process tree (interactive graph in the full report). Processes in graph order: firefox.exe (the browser and its content processes), stremio+4.4.168.exe, slui.exe, stremio.exe, stremio-runtime.exe, conhost.exe, qtwebengineprocess.exe (2), ffprobe.exe, ffmpeg.exe (3), cmd.exe (5), taskkill.exe (3), wmic.exe (2), msedge.exe (the browser and its child processes), identity_helper.exe (4), svchost.exe. Most entries are tagged "no specs" in the graph.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
592
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3188 -prefsLen 31090 -prefMapHandle 3192 -prefMapSize 272997 -jsInitHandle 3196 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 3204 -initialChannelId {04b03ec4-576f-44af-b5fa-2a1e1452dffe} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll
PID:
756
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2208,i,12301311109230572845,12858654568437690453,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1040
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.stremio.com/warning#https%3A%2F%2Fplay.max.com%2Fvideo%2Fwatch%2Fdae9e532-3714-4f2e-b758-fb9a13def902%3Futm_source%3Duniversal_search
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
stremio.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1296
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 1888 -prefsLen 36520 -prefMapHandle 1892 -prefMapSize 272997 -ipcHandle 1952 -initialChannelId {9722c0b1-6f47-49ff-b03d-5f9573f9c0b3} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
PID:
1560
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4788 -prefsLen 44957 -prefMapHandle 4792 -prefMapSize 272997 -jsInitHandle 4796 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4764 -initialChannelId {e002d5b8-b32a-44ff-9db6-d5305dcc3d4c} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID:
1568
CMD:
wmic logicaldisk where drivetype=3 get caption,size,freespace
Path:
C:\Windows\SysWOW64\wbem\WMIC.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
1576
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4852,i,11855325126477122095,17060189562772193368,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1580
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3680,i,12301311109230572845,12858654568437690453,262144 --variations-seed-version --mojo-platform-channel-handle=1496 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1704
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "taskkill /pid 7028 /T /F"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
stremio-runtime.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
1760
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 2112 -prefsLen 36520 -prefMapHandle 2116 -prefMapSize 272997 -ipcHandle 2124 -initialChannelId {5984d5c5-bb62-46cb-a9ca-1a073bb57200} -parentPid 3756 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3756" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
45,707
Read events
45,646
Write events
61
Delete events
0

Modification events

(PID) Process: (3756) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: EstimatedSize
Value: 370119

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: DisplayName
Value: Stremio

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: DisplayVersion
Value: 4.4.168

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\LNV\Stremio-4\stremio.exe

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: Publisher
Value: Smart Code Ltd

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: UninstallString
Value: C:\Users\admin\AppData\Local\Programs\LNV\Stremio-4\Uninstall.exe

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: InstallString
Value: C:\Users\admin\AppData\Local\Programs\LNV\Stremio-4

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: URLInfoAbout
Value: https://www.stremio.com

(PID) Process: (8156) Stremio+4.4.168.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stremio
Operation: write
Name: NoModify
Value: 1
Executable files
124
Suspicious files
769
Text files
863
Unknown types
292

Dropped files

PID
Process
Filename
Type
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm | binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm | binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json | binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js | text
MD5: C2D18FD307FDA16146495584D1E9CA22
SHA256: 602DD03482239787B53E2A79072A33D6CB044A4A56D3068659042D4D418B480F
3756 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\activity-stream.contile.json.tmp | binary
MD5: 38347117111DECBD14FD4A764FBE03C1
SHA256: CAB9100CBD7D95ED254DA7D20E2AA483C1511035CB8EA09CC64A3938506CB5DE
3756 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin | binary
MD5: 3134ED3F12E4F4F8643DB90043B0FD7B
SHA256: 26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm | binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3756 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\activity-stream.contile.json | binary
MD5: 38347117111DECBD14FD4A764FBE03C1
SHA256: CAB9100CBD7D95ED254DA7D20E2AA483C1511035CB8EA09CC64A3938506CB5DE
3756 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js | text
MD5: C2D18FD307FDA16146495584D1E9CA22
SHA256: 602DD03482239787B53E2A79072A33D6CB044A4A56D3068659042D4D418B480F
Download the PCAP, analyze network streams, HTTP content and more in the full report
HTTP(S) requests
86
TCP/UDP connections
359
DNS requests
414
Threats
31

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3756
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
3756
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
3756
firefox.exe
GET
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
3756
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
3756
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
3756
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
3756
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
3756
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
3756
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
3756
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
420
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3756
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted
3756
firefox.exe
104.16.203.97:443
www.stremio.com
CLOUDFLARENET
whitelisted
3756
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3756
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
3756
firefox.exe
34.149.100.209:443
firefox.settings.services.mozilla.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted
content-signature-chains.prod.autograph.services.mozaws.net
  • 34.160.144.191
  • 2600:1901:0:92a9::
whitelisted
www.stremio.com
  • 104.16.203.97
  • 104.16.204.97
  • 2606:4700::6810:cb61
  • 2606:4700::6810:cc61
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted
mc.prod.ads.prod.webservices.mozgcp.net
  • 34.36.137.203
whitelisted
example.org
  • 96.7.128.192
  • 23.215.0.132
  • 23.215.0.133
  • 96.7.128.186
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Process
Message
stremio.exe
WebEngineContext used before QtWebEngine::initialize() or OpenGL context creation failed.
stremio.exe
qml: Loading web UI from URL: https://app.strem.io/shell-v4.4/#?loginFlow=desktop
stremio.exe
qml: Stremio Shell version: 4.4.168
stremio.exe
qml: **** Completed. Loading Autoupdater ***
stremio.exe
qml: Auto-updater: checking for new version
stremio.exe
qml: Auto-updater: up to date
stremio.exe
js: A cookie associated with a cross-site resource at http://bit.ly/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.