URL: ptoszek.pl

Full analysis: https://app.any.run/tasks/e7c0f8fd-77a1-447c-b18f-5fdb05770136
Verdict: Malicious activity
Analysis date: March 16, 2024, 14:04:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C17E271BF4DABFC72D6827E06008087B
SHA1: 105D48790A361E379C4806A1C1653638B40EB59C
SHA256: C97AFE6C9999B51C0E7D3A567A3F57321A60F8DCF9A633EE6D29C4C0632BB8DB
SSDEEP: 3:2kj:x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by a user

      • firefox.exe (PID: 880)
    • Application launched itself

      • iexplore.exe (PID: 2124)
      • firefox.exe (PID: 1556)
      • firefox.exe (PID: 880)
    • The process uses the downloaded file

      • firefox.exe (PID: 1556)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 61
Monitored processes: 21
Malicious processes: 0
Suspicious processes: 0

Behavior graph


Process information

PID: 848
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.11.253001618\374919386" -parentBuildID 20230710165010 -sandboxingKind 1 -prefsHandle 3908 -prefMapHandle 3500 -prefsLen 36453 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00445dbc-3e5a-4ed4-957d-1c970cf7ad17} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 4160 d013d50 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 880
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 984
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.2.971495064\1157346340" -childID 1 -isForBrowser -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 28712 -prefMapSize 244195 -jsInitHandle 920 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d66e11f-0a9d-435d-86da-d907bec8caff} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2072 1b0436d0 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1556
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1736
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.3.1980773122\1478352886" -childID 2 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 34225 -prefMapSize 244195 -jsInitHandle 920 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5ed0336-d50e-425e-9556-95d49d72b3d0} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2848 1f1f9280 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1768
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.16.1555804335\303599537" -childID 13 -isForBrowser -prefsHandle 3556 -prefMapHandle 4256 -prefsLen 31194 -prefMapSize 244195 -jsInitHandle 920 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac210279-c3a3-4464-853d-c749f15cc104} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 7496 1ae98280 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1852
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.15.1231933935\1226916235" -childID 12 -isForBrowser -prefsHandle 7728 -prefMapHandle 9028 -prefsLen 31122 -prefMapSize 244195 -jsInitHandle 920 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aee53c7b-8048-48fa-b8f0-e36b83a59774} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 7796 25d4a110 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 1932
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.4.2125726985\1346626799" -childID 3 -isForBrowser -prefsHandle 3512 -prefMapHandle 3528 -prefsLen 29156 -prefMapSize 244195 -jsInitHandle 920 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fed75d1e-1a3b-46f2-9e2d-3f2a4353d515} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 3508 220af840 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 2092
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.8.2021593568\1923083479" -childID 7 -isForBrowser -prefsHandle 4708 -prefMapHandle 4728 -prefsLen 31001 -prefMapSize 244195 -jsInitHandle 920 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2938bef1-7820-40f0-a154-cad99c07e65e} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 4696 1bc97110 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (Images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID: 2124
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "ptoszek.pl"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 52 707
Read events: 47 087
Write events: 5 495
Delete events: 125

Modification events

Process | Operation | Key | Name | Value
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration | 1
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchLowDateTime |
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime | 31094698
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateLowDateTime |
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime | 31094698
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
(2124) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
Executable files: 0
Suspicious files: 104
Text files: 180
Unknown types: 67

Dropped files

PID | Process | Filename | Type
2860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
MD5: 7D37268F7B10ADEE91DC8CE38A0F5F7D
SHA256: FB6B6356D29A6851B1C3312F0D67C5F6B4A756B2A15BB9160603093649A7EFF1
2860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464 | binary
MD5: 8202A1CD02E7D69597995CABBE881A12
SHA256: 58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
2860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4UBRG4AJ.txt | text
MD5: D40A73502DABDBD6587AD8A1FD5EC2E7
SHA256: E3EBDF276DE9AA437EEBA51C1BC7D4FFB76D248FC71DD21BED7DBE381973E2E3
2124 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text
MD5: AD55BD80EE59AB8391FA9E5E43F56B30
SHA256: 1D0CEFA75DFDA6ED48F90F66719D2BDAFAFD5CC6BF81185F5069364D50AFD40E
2860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177 | binary
MD5: 49C8369BECF9DE5495C4E60F36AFA36A
SHA256: A03E7AEDEF9C3805B73A6ADDBFA5E6F40C02A145CBBF14F3DEFD764CFE2C6873
2860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3SU6RS8Q.txt | text
MD5: 88E127F369B6A7B05D8AEEECE1750B43
SHA256: 1F8E8673085BAF28F0EBF74DD04FE1A9A81329D24BC18D9061EC8A444D20C707
2860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LPR9C9NW.txt | text
MD5: AF54F843B6AB26015F0AE6A1D3330AB4
SHA256: BCE441589432BE4570968613AD86E21F80637FE3F5AC707DEF715542444D0DF0
2860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\LRATZLB3.txt | text
MD5: A53D8053CAD35F456F718A799BA5C00A
SHA256: 07F072D93688077F7888AB1AF1DBA7B27403FF2A58DC48A8401F6C50773C26CC
2860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\RFTSHPQY.txt | text
MD5: A880EC4991C984FEC7C0DFD12351B4B7
SHA256: 4FFE7E44E69ADBDAA17A2C11E37D0BA329BC62DE9BD8481275AAD1D1F691574C
2860 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177 | binary
MD5: 572215F319F48E5A43D5FCD5B79AAE29
SHA256: 1F6884918055480A564E2219960509BB123574FC64CA8BDE9CC7290EFE3B4EAD
HTTP(S) requests: 45
TCP/UDP connections: 172
DNS requests: 291
Threats: 9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2860 | iexplore.exe | GET | 301 | 172.67.138.144:80 | http://ptoszek.pl/ | unknown | | | unknown
2860 | iexplore.exe | GET | 304 | 2.16.100.160:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4a9ffd2bb8e04402 | unknown | | | unknown
2860 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
2860 | iexplore.exe | GET | 200 | 142.250.185.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | unknown | binary | 724 b | unknown
| | GET | 304 | 2.16.100.160:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aeb32cb922858c96 | unknown | | | unknown
| | GET | 304 | 2.16.100.160:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?dca56d26e7d9ce15 | unknown | | | unknown
| | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 312 b | unknown
2860 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D | unknown | binary | 471 b | unknown
2860 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b | unknown
1556 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | text | 90 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2860 | iexplore.exe | 172.67.138.144:80 | ptoszek.pl | CLOUDFLARENET | US | unknown
2860 | iexplore.exe | 172.67.138.144:443 | ptoszek.pl | CLOUDFLARENET | US | unknown
2860 | iexplore.exe | 2.16.100.160:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | whitelisted
2860 | iexplore.exe | 142.250.185.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
2124 | iexplore.exe | 104.126.37.171:443 | www.bing.com | Akamai International B.V. | DE | unknown
2124 | iexplore.exe | 2.16.100.160:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | whitelisted
2124 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
ptoszek.pl
  • 172.67.138.144
  • 104.21.40.200
  • 2606:4700:3035::ac43:8a90
  • 2606:4700:3032::6815:28c8
unknown
ctldl.windowsupdate.com
  • (list of resolved addresses omitted)
whitelisted
ocsp.pki.goog
  • 142.250.185.131
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • (list of resolved addresses omitted)
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
r.bing.com
  • (list of resolved addresses omitted)
whitelisted
th.bing.com
  • (list of resolved addresses omitted)
whitelisted
www.youtube.com
  • (list of resolved addresses omitted)
whitelisted
login.microsoftonline.com
  • (list of resolved addresses omitted)
whitelisted

Threats

PID | Process | Class | Message
1556 | firefox.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
1556 | firefox.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
1080 | svchost.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
1080 | svchost.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
1080 | svchost.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
1556 | firefox.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
1556 | firefox.exe | Potential Corporate Privacy Violation | ET POLICY Dropbox.com Offsite File Backup in Use
1080 | svchost.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
1080 | svchost.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
No debug info