File name: plugmimier.exe

Full analysis: https://app.any.run/tasks/35322fde-c42d-4ed7-83e7-cc176cfe8b12
Verdict: Malicious activity
Threats:

A keylogger is a type of spyware that infects a system and has the ability to record every keystroke made on the device. This lets attackers collect personal information of victims, which may include their online banking credentials, as well as personal conversations. The most widespread vector of attack leading to a keylogger infection begins with a phishing email or link. Keylogging is also often present in remote access trojans as part of an extended set of malicious tools.

Analysis date: December 02, 2023, 11:20:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
keylogger
remcos
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: C47D7C6A2152F8920827706ED1792B44
SHA1: 0BD18BA2B49CAB8B9F86A301047E4909F3F080FE
SHA256: EE6213DBB899250662C38091974BAC9E7DFE549A969AFAF5E79ECE10EBABA2B8
SSDEEP: 12288:sSwC6DC6lOTyVK5pEeHCyTYXHcXQKN0ygnfD+d670RR+JD1u0tEc24w3nBKGhL:xaiTyWtHTtf0ygf90y1ubSw3noGhL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • REMCOS has been detected (YARA)

      • plugmimier.exe (PID: 1420)
  • SUSPICIOUS

    • Application launched itself

      • plugmimier.exe (PID: 2144)
    • Connects to unusual port

      • plugmimier.exe (PID: 1420)
    • Writes files like Keylogger logs

      • plugmimier.exe (PID: 1420)
  • INFO

    • Reads the computer name

      • plugmimier.exe (PID: 2144)
      • plugmimier.exe (PID: 1420)
      • wmpnscfg.exe (PID: 292)
    • Checks supported languages

      • plugmimier.exe (PID: 2144)
      • plugmimier.exe (PID: 1420)
      • wmpnscfg.exe (PID: 292)
    • Manual execution by a user

      • firefox.exe (PID: 2964)
      • WINWORD.EXE (PID: 3816)
      • wmpnscfg.exe (PID: 292)
    • Reads the machine GUID from the registry

      • plugmimier.exe (PID: 2144)
    • Application launched itself

      • firefox.exe (PID: 2964)
      • firefox.exe (PID: 604)
    • Reads Environment values

      • plugmimier.exe (PID: 1420)
    • Reads product name

      • plugmimier.exe (PID: 1420)
    • Creates files in the program directory

      • plugmimier.exe (PID: 1420)

Remcos

Process: plugmimier.exe (PID 1420)
C2 (1): seanblacin.sytes.net:6110
Botnet: Htfruning
Options
Connect_interval: 1
Install_flag: False
Install_HKCU\Run: True
Install_HKLM\Run: True
Install_HKLM\Explorer\Run: 1
Install_HKLM\Winlogon\Shell: 100000
Setup_path: %LOCALAPPDATA%
Copy_file: htfruning.exe
Startup_value: False
Hide_file: False
Mutex_name: Rmc-BIDEV2
Keylog_flag: 1
Keylog_path: %LOCALAPPDATA%
Keylog_file: logs.dat
Keylog_crypt: False
Hide_keylog: False
Screenshot_flag: False
Screenshot_time: 5
Take_Screenshot: False
Screenshot_path: %APPDATA%
Screenshot_file: Screenshots
Screenshot_crypt: False
Mouse_option: False
Delete_file: False
Audio_record_time: 5
Audio_path: %ProgramFiles%
Audio_dir: MicRecords
Connect_delay: 0
Copy_dir: Htfruning
Keylog_dir: htfruning

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe | Win64 Executable (generic) (23.8)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2046:06:02 13:16:39+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 48
CodeSize: 997376
InitializedDataSize: 2048
UninitializedDataSize: -
EntryPoint: 0xf572a
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: QL-NhaSachMini
FileVersion: 1.0.0.0
InternalName: SsKu.exe
LegalCopyright: Copyright © 2020
LegalTrademarks: -
OriginalFileName: SsKu.exe
ProductName: QL-NhaSachMini
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
Total processes: 51
Monitored processes: 14
Malicious processes: 2
Suspicious processes: 0


Process information

PID 292
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 604
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID 1420
CMD: "C:\Users\admin\AppData\Local\Temp\plugmimier.exe"
Path: C:\Users\admin\AppData\Local\Temp\plugmimier.exe
Parent process: plugmimier.exe
User: admin
Integrity Level: MEDIUM
Description: QL-NhaSachMini
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\plugmimier.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID 1992
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="604.4.1482125591\215599117" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 892 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f93939a-aaf7-488c-80e3-ff4775d14ec1} 604 "\\.\pipe\gecko-crash-server-pipe.604" 3744 176f7840 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID 2144
CMD: "C:\Users\admin\AppData\Local\Temp\plugmimier.exe"
Path: C:\Users\admin\AppData\Local\Temp\plugmimier.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: QL-NhaSachMini
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\plugmimier.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID 2316
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="604.1.417989672\802355290" -parentBuildID 20230710165010 -prefsHandle 1396 -prefMapHandle 1392 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c183037b-4ba7-410e-82c0-50b17f0960bb} 604 "\\.\pipe\gecko-crash-server-pipe.604" 1408 d317cf0 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID 2860
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="604.0.179365084\223036097" -parentBuildID 20230710165010 -prefsHandle 1100 -prefMapHandle 1092 -prefsLen 28523 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebc1f6d7-d5d9-4c27-9e3c-c1e8ac833cf1} 604 "\\.\pipe\gecko-crash-server-pipe.604" 1172 d3a9000 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 1
Version: 115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID 2964
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID 3316
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="604.2.134381919\925967982" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 2036 -prefsLen 28777 -prefMapSize 244195 -jsInitHandle 892 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {beb18809-ba76-40d2-ba25-b91ecbc95341} 604 "\\.\pipe\gecko-crash-server-pipe.604" 2056 127c3560 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
PID 3740
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="604.6.374665841\153513377" -childID 5 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 892 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c9b261e-f019-40dd-9585-618af3c937de} 604 "\\.\pipe\gecko-crash-server-pipe.604" 4044 176f79b0 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 115.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
Total events: 12 368
Read events: 12 148
Write events: 69
Delete events: 151

Modification events

Process: WINWORD.EXE (PID 3816)
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1033, Value: On
Name: 1041, Value: On
Name: 1046, Value: On
Name: 1036, Value: On
Name: 1031, Value: On
Name: 1040, Value: On
Name: 1049, Value: On
Name: 3082, Value: On
Name: 1042, Value: On
Name: 1055, Value: On
Executable files: 1
Suspicious files: 161
Text files: 27
Unknown types: 0

Dropped files

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVRA0C8.tmp.cvr
Type:
MD5:
SHA256:

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml
Type: xml
MD5: 6B7A472A22FBDBFF4B2B08DDB4F43735
SHA256: 65F3CDBC4390C81B94FA960B7362917443FC1E6A51E3F81E4CB4C4DFA09DA4BE

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
Type: text
MD5: 2AB7E66A2D902162885E5BEA14F8EA9C
SHA256: A2E492507B576503114C6292DCA5720496CF9467B5DD52F638EDAECB2F0C8A97

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\Desktop\~$tteroverview.rtf
Type: binary
MD5: A6326F1C1A5581D689255D07F0AF88AA
SHA256: F95F75A0FF25E7E9C30D8D6D74C96CC3B7C6C6F84EACD6D6D14B0806EECDDFF4

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~$RD0000.docx
Type: binary
MD5: B04C9D4DF2D675909D6F497EE416D9E7
SHA256: 5F8AC337A797D2AC806F9C22E4739111B728FEA85CD82232ED1EEA22EBA7C466

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0000.docx
Type: document
MD5: 435BEEACE0E2A1DAE18689587DECFFF6
SHA256: C80ABCFB39464892C9BB8159443E4D71BA01515C938AB56F38D24AADDCA83124

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D2ED53AD-C946-4593-BF2A-E46118752725}.tmp
Type: binary
MD5: 64388ADA4FFE54E4C2A1A395FB6E006A
SHA256: 0DF1FE05AF199325C3F9807E8D2F905C8DFC73F445E5613A965375C60A391D66

PID 604, firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin
Type: binary
MD5: B7A3C61D0C144CC5E166B1E769CA8F8C
SHA256: 7FADCB77FFACA6B9E9F15C6F1CD3AAD4C20DCD90FA92429A627A3A7110CA2644

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\matteroverview.rtf.LNK
Type: binary
MD5: 4BFF860B16AB11AFD5E817DD04A9B14F
SHA256: B2FE3DE4208DD05341916DBF67B6E3453746A254CD43D9732AE9BB1CD3DD1054

PID 3816, WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0002.docx
Type: document
MD5: B85D076C43DED12FD348676B268CA741
SHA256: B253CF0F7FF1E937B05144D8950AEFC184E7B11CFC0DEB77D564D9C5632AEADB
HTTP(S) requests: 16
TCP/UDP connections: 92
DNS requests: 119
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
604 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | text | 90 b | unknown
604 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | text | 8 b | unknown
604 | firefox.exe | POST | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b | unknown
604 | firefox.exe | POST | 200 | 184.24.77.62:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
604 | firefox.exe | POST | 200 | 184.24.77.62:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
604 | firefox.exe | POST | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 472 b | unknown
604 | firefox.exe | POST | 200 | 18.245.65.219:80 | http://ocsp.r2m02.amazontrust.com/ | unknown | binary | 471 b | unknown
604 | firefox.exe | POST | 200 | 184.24.77.62:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
604 | firefox.exe | POST | 200 | 184.24.77.62:80 | http://r3.o.lencr.org/ | unknown | binary | 503 b | unknown
604 | firefox.exe | POST | 200 | 142.250.186.131:80 | http://ocsp.pki.goog/gts1c3 | unknown | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
604 | firefox.exe | 142.250.184.234:443 | safebrowsing.googleapis.com | - | - | whitelisted
604 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted
604 | firefox.exe | 34.120.115.102:443 | contile-images.services.mozilla.com | GOOGLE-CLOUD-PLATFORM | US | unknown
604 | firefox.exe | 34.117.237.239:443 | contile.services.mozilla.com | GOOGLE-CLOUD-PLATFORM | US | unknown
604 | firefox.exe | 142.250.186.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
604 | firefox.exe | 34.233.191.125:443 | spocs.getpocket.com | AMAZON-AES | US | unknown

DNS requests

Domain | IP | Reputation
detectportal.firefox.com | 34.107.221.82 | whitelisted
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82, 2600:1901:0:38d7:: | whitelisted
example.org | 93.184.216.34 | whitelisted
ipv4only.arpa | 192.0.0.170, 192.0.0.171 | whitelisted
contile.services.mozilla.com | 34.117.237.239 | whitelisted
spocs.getpocket.com | 34.233.191.125, 54.81.250.249, 52.70.65.106, 34.204.4.120 | shared
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com | 52.70.65.106, 34.204.4.120, 54.81.250.249, 34.233.191.125 | shared
firefox.settings.services.mozilla.com | 34.149.100.209 | whitelisted
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | whitelisted
r3.o.lencr.org | 184.24.77.62, 184.24.77.54, 184.24.77.46 | shared

Threats

PID | Process | Class | Message
1080 | svchost.exe | Potentially Bad Traffic | ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain