URL: HTTPS://BAGS.AMADEUS.COM?R=JLRPTD&N=DOTSON

Full analysis: https://app.any.run/tasks/b3fa25be-60f7-4e8b-9e90-4f048d5a2a3b
Verdict: No threats detected
Analysis date: June 12, 2019, 08:14:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: BE4C6F9AD3B96A0D9081B651AE2F4F5F
SHA1: C007EB44988E73A2AB250F6ED12A50B063B6491D
SHA256: 1E4AD5C0A084B0644E7AC84405E7C22DF2B579803815D9414F83CA1BBDD1F89F
SSDEEP: 3:nKnr2LytqoayZ1n8qfr:nKnr2LyFhgqD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Creates files in the program directory
      • firefox.exe (PID: 3324)
  • INFO
    • Reads CPU info
      • firefox.exe (PID: 3324)
    • Creates files in the user directory
      • firefox.exe (PID: 3324)
    • Application launched itself
      • firefox.exe (PID: 3324)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0


Process information

PID: 1680
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.6.1960698376\707033108" -childID 1 -isForBrowser -prefsHandle 1300 -prefMapHandle 1296 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 1720 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators: none
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 2172
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.13.1868498957\860061705" -childID 2 -isForBrowser -prefsHandle 2660 -prefMapHandle 2664 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 2676 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators: none
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 2352
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.20.1917241552\1176443855" -childID 3 -isForBrowser -prefsHandle 2972 -prefMapHandle 3392 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 3408 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators: none
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3324
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" HTTPS://BAGS.AMADEUS.COM?R=JLRPTD&N=DOTSON
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators: none
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID: 3756
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.0.127679456\1524193629" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 1152 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Indicators: none
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
Total events: 611
Read events: 609
Write events: 2
Delete events: 0

Modification events

(PID) Process: (3324) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3324) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
Executable files: 0
Suspicious files: 58
Text files: 17
Unknown types: 34

Dropped files

PID  Process  Filename  Type
3324  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
3324  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash3350
3324  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
3324  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journal
3324  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
3324  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5479911C648669770E8D3CCD83642ED72A60BD55  der
3324  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin  binary
3324  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js  text
3324  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db  sqlite
3324  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore  binary
HTTP(S) requests: 6
TCP/UDP connections: 17
DNS requests: 37
Threats: 0

HTTP requests

PID  Process  Method  HTTP Code  IP  URL  CN  Type  Size  Reputation
3324  firefox.exe  POST  200  172.217.21.227:80  http://ocsp.pki.goog/GTSGIAG3  US  der  471 b  whitelisted
3324  firefox.exe  POST  200  93.184.220.29:80  http://ocsp.digicert.com/  US  der  471 b  whitelisted
3324  firefox.exe  POST  200  172.217.21.227:80  http://ocsp.pki.goog/GTSGIAG3  US  der  471 b  whitelisted
3324  firefox.exe  POST  200  93.184.220.29:80  http://ocsp.digicert.com/  US  der  471 b  whitelisted
3324  firefox.exe  GET  200  88.221.144.128:80  http://detectportal.firefox.com/success.txt  IT  text  8 b  whitelisted
3324  firefox.exe  POST  200  93.184.220.29:80  http://ocsp.digicert.com/  US  der  471 b  whitelisted

Connections

PID  Process  IP  Domain  ASN  CN  Reputation
3324  firefox.exe  173.252.176.67:443  bags.amadeus.com  SunGard Availability Services LP  US  unknown
3324  firefox.exe  52.40.226.98:443  aus5.mozilla.org  Amazon.com, Inc.  US  unknown
3324  firefox.exe  93.184.220.29:80  ocsp.digicert.com  MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
3324  firefox.exe  52.35.96.157:443  tiles.services.mozilla.com  Amazon.com, Inc.  US  unknown
3324  firefox.exe  216.58.206.10:443  safebrowsing.googleapis.com  Google Inc.  US  whitelisted
3324  firefox.exe  13.32.166.75:443  snippets.cdn.mozilla.net  Amazon.com, Inc.  US  unknown
3324  firefox.exe  172.217.21.227:80  ocsp.pki.goog  Google Inc.  US  whitelisted
3324  firefox.exe  172.217.18.104:443  ssl.google-analytics.com  Google Inc.  US  suspicious
3324  firefox.exe  54.187.176.55:443  shavar.services.mozilla.com  Amazon.com, Inc.  US  unknown
-  -  172.217.21.227:80  ocsp.pki.goog  Google Inc.  US  whitelisted

DNS requests

Domain  IP(s)  Reputation
bags.amadeus.com  173.252.176.67  suspicious
detectportal.firefox.com  88.221.144.128, 88.221.144.105  whitelisted
a1089.dscd.akamai.net  88.221.144.105, 88.221.144.128  whitelisted
aus5.mozilla.org  52.40.226.98, 35.161.58.143, 54.213.5.202, 52.34.120.127, 52.34.127.169, 52.43.79.30, 34.218.159.169, 35.165.116.96  whitelisted
balrog-aus5.r53-2.services.mozilla.com  35.165.116.96, 34.218.159.169, 52.43.79.30, 52.34.127.169, 52.34.120.127, 54.213.5.202, 35.161.58.143, 52.40.226.98  whitelisted
ocsp.digicert.com  93.184.220.29  whitelisted
search.services.mozilla.com  54.190.222.97, 34.215.70.240, 52.11.30.237  whitelisted
search.r53-2.services.mozilla.com  52.11.30.237, 34.215.70.240, 54.190.222.97  whitelisted
cs9.wac.phicdn.net  93.184.220.29  whitelisted
tiles.services.mozilla.com  52.35.96.157, 34.213.89.114, 52.27.87.181, 52.26.103.165, 52.26.166.58, 52.25.71.236, 52.34.132.219, 35.164.130.113  whitelisted

Threats

No threats detected
No debug info