File name:

Bontago.exe

Full analysis: https://app.any.run/tasks/9be2e054-3a89-4af8-a5e7-fa607a12e302
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: July 15, 2024, 17:47:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
loader
evasion
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

29FEEAD43B0F6C2045FB3027D7CF0401

SHA1:

7AA5530ED1CFC988408E342640FF8C42FBD6E036

SHA256:

9320CF4FA4FA5627A5A8B76FE83924629D0C73ED0F6587ED35156C58EB2E09BC

SSDEEP:

49152:18xXNDmf1KWXVKwXvBDOtP3py5azrLINnnEcQiWQ3LZ6ALzZnVdBVcGZCkkkkkkh:SNsVKwpMP3py5azQtnrWa8i89Ctv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Bontago.exe (PID: 3700)
      • Bontago.exe (PID: 3972)
      • Bontago.exe (PID: 1624)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Bontago.exe (PID: 3972)
      • Bontago.exe (PID: 1624)

    • Potential Corporate Privacy Violation

      • firefox.exe (PID: 3204)

    • Creates a software uninstall entry

      • Bontago.exe (PID: 3972)

    • Reads the Internet Settings

      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)

    • Reads security settings of Internet Explorer

      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)

    • Checks for external IP

      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 3200)
      • firefox.exe (PID: 3204)

    • Manual execution by a user

      • firefox.exe (PID: 3200)
      • Bontago.exe (PID: 3972)
      • Bontago.exe (PID: 4040)
      • Bontago.exe (PID: 3516)
      • Bontago.exe (PID: 1624)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)
      • notepad.exe (PID: 1568)

    • Checks supported languages

      • Bontago.exe (PID: 3972)
      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 1624)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)

    • Creates files in the program directory

      • Bontago.exe (PID: 3972)
      • Bontago.exe (PID: 448)

    • Reads the computer name

      • Bontago.exe (PID: 3972)
      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 1624)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)

    • Create files in a temporary directory

      • Bontago.exe (PID: 3972)
      • Bontago.exe (PID: 1624)

    • Drops the executable file immediately after the start

      • firefox.exe (PID: 3204)

    • The process uses the downloaded file

      • firefox.exe (PID: 3204)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 3204)

    • Reads the machine GUID from the registry

      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)

    • Checks proxy server information

      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)

    • Creates files or folders in the user directory

      • Bontago.exe (PID: 448)
      • Bontago.exe (PID: 2528)
      • Bontago.exe (PID: 2468)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2004:03:08 20:06:15+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 7.1
CodeSize: 1622016
InitializedDataSize: 1572864
UninitializedDataSize: -
EntryPoint: 0x7fc29
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
76
Monitored processes
22
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start bontago.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs bontago.exe no specs bontago.exe bontago.exe bontago.exe no specs bontago.exe bontago.exe Elevatable Shortcut no specs bontago.exe notepad.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
448"C:\Program Files\Bontago\Bontago.exe"C:\Program Files\Bontago\Bontago.exe
Bontago.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files\bontago\bontago.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
828"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.8.1835027882\2096101481" -childID 7 -isForBrowser -prefsHandle 3764 -prefMapHandle 3668 -prefsLen 31278 -prefMapSize 244195 -jsInitHandle 888 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea8e67ff-b11d-4f37-9295-78edbde1c4bb} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 3780 1b7386d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1180"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.3.1668612021\1497461130" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 34225 -prefMapSize 244195 -jsInitHandle 888 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a345170-1fbf-4357-b868-312a7553fb3d} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 2912 162d5280 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1568"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Bontago\User.iniC:\Windows\System32\notepad.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1624"C:\Users\admin\Downloads\Bontago.exe" C:\Users\admin\Downloads\Bontago.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\downloads\bontago.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1832"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.6.1222960006\1135831545" -childID 5 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 888 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8ae7f4a-e26b-4809-a2de-dfd32dd6fee1} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 3996 1781b280 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1980"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.1.1438969671\120431523" -parentBuildID 20230710165010 -prefsHandle 1412 -prefMapHandle 1408 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53963513-6f25-4f74-b832-3b36a9da66bd} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 1424 ef6eb60 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2068"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.4.677799707\1273101293" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3644 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 888 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39e4637c-e38c-4570-915f-22418be42d65} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 3720 153d7c90 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2396"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3204.7.1133266957\223270597" -childID 6 -isForBrowser -prefsHandle 4420 -prefMapHandle 4416 -prefsLen 29947 -prefMapSize 244195 -jsInitHandle 888 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96f1cc52-8fe6-4436-b57d-12bc069e23b3} 3204 "\\.\pipe\gecko-crash-server-pipe.3204" 4432 1b7383f0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2468"C:\Program Files\Bontago\Bontago.exe" /debugC:\Program Files\Bontago\Bontago.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\program files\bontago\bontago.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
21 039
Read events
20 822
Write events
183
Delete events
34

Modification events

(PID) Process:(3200) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
6AFAE74900000000
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
D7FBE94900000000
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Installer\308046B0AF4A39CB
Operation:delete valueName:installer.taskbarpin.win10.enabled
Value:
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
0
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value:
1
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value:
1
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableTelemetry
Value:
1
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value:
0
(PID) Process:(3204) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|SetDefaultBrowserUserChoice
Value:
1
Executable files
12
Suspicious files
175
Text files
95
Unknown types
3

Dropped files

PID
Process
Filename
Type
3204firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3204firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.binbinary
MD5:04BADC0A17F546BBD91CC2404D2776D9
SHA256:54CD83D3031D15EA1F5B1C5D73416C0B2F9151F93E130DD525DDA488A8EB9110
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.jstext
MD5:A4C0253717519EB0B07D5D8DD14F5D02
SHA256:115B88AA451EA9D5CD010C60DB4B97759E55ECE806CF6C4EBA737C6290C0D044
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\glean\db\data.safe.binbinary
MD5:7FBA44CB533472C1E260D1F28892D86B
SHA256:14FB5CDA1708000576F35C39C15F80A0C653AFAF42ED137A3D31678F94B6E8BF
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.jstext
MD5:A4C0253717519EB0B07D5D8DD14F5D02
SHA256:115B88AA451EA9D5CD010C60DB4B97759E55ECE806CF6C4EBA737C6290C0D044
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3204firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-walbinary
MD5:E14F07534B3DA84A8F35AAC26C7BF071
SHA256:EDA28FCEA4478CFC365DA48AC3B054E9AE30E17AA94A58142DDD6DA04D342629
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
42
TCP/UDP connections
108
DNS requests
223
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3204
firefox.exe
POST
200
195.138.255.24:80
http://r3.o.lencr.org/
unknown
unknown
3204
firefox.exe
POST
200
172.217.16.131:80
http://o.pki.goog/wr2
unknown
unknown
3204
firefox.exe
POST
195.138.255.24:80
http://r10.o.lencr.org/
unknown
unknown
3204
firefox.exe
POST
200
195.138.255.18:80
http://r11.o.lencr.org/
unknown
unknown
3204
firefox.exe
POST
200
195.138.255.24:80
http://r10.o.lencr.org/
unknown
unknown
3204
firefox.exe
POST
172.217.16.131:80
http://o.pki.goog/wr2
unknown
unknown
3204
firefox.exe
POST
200
195.138.255.24:80
http://r10.o.lencr.org/
unknown
unknown
3204
firefox.exe
POST
200
195.138.255.18:80
http://r11.o.lencr.org/
unknown
unknown
3204
firefox.exe
POST
200
195.138.255.24:80
http://r10.o.lencr.org/
unknown
unknown
3204
firefox.exe
POST
200
172.217.16.131:80
http://o.pki.goog/wr2
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1372
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
1060
svchost.exe
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1372
svchost.exe
23.50.131.216:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
3204
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.216
  • 23.50.131.200
  • 23.50.131.196
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.171
  • 192.0.0.170
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted

Threats

PID
Process
Class
Message
1060
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
3204
firefox.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3204
firefox.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
1060
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
448
Bontago.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup - checkip.dyndns.org
448
Bontago.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup - checkip.dyndns.org
2528
Bontago.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup - checkip.dyndns.org
2528
Bontago.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup - checkip.dyndns.org
2468
Bontago.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup - checkip.dyndns.org
2468
Bontago.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup - checkip.dyndns.org
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Bontago.exe