URL:

https://gbr01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmandrillapp.com%2Ftrack%2Fclick%2F30476375%2Fwww.nasgp.org.uk%3Fp%3DeyJzIjoicTJ2S1FVNzFqNmVhRkJYdnBEMG1hZk9HZk1nIiwidiI6MSwicCI6IntcInVcIjozMDQ3NjM3NSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3d3dy5uYXNncC5vcmcudWtcXFwvZXNwaXBcXFwvbWFuYWdlX2ludm9pY2VzLnBocFwiLFwiaWRcIjpcIjBmYTA5Y2Y5NjdlODQ2N2RhMzg4YmFlYzlmMzBiOGQ4XCIsXCJ1cmxfaWRzXCI6W1wiYzk0NTZjODJlNGE4OThjM2RjMzg1MTY3OWIzOTYyYmFhNjA0MDdiM1wiXX0ifQ&data=05%7C01%7Cp.manager3%40nhs.net%7Cf145e54fab564d990da608db3fd85ede%7C37c354b285b047f5b22207b48d774ee3%7C0%7C1%7C638173970768515601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=HAAdfZ1lOFYt2ieo%2FdE0OFrzrvfLQmyFQyr9g4GGWo4%3D&reserved=0

Full analysis: https://app.any.run/tasks/d6e048c7-4522-4981-8e59-6f6b15c406c3
Verdict: Malicious activity
Analysis date: April 27, 2023, 11:11:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MD5: B2ABE181CFC03AA3BA07E66161E1A228
SHA1: 18C0E0A84CD838EF69350E85C7D010C26BE633CE
SHA256: 29F1BAA4C6B920200668C0FED83B9201078514733B94C837D5DCBBB1DA1DFDEA
SSDEEP: 12:23qxDRWTjE+E91cPYMhYnw9y5Y63UwHZT56ek887rxKP7RPCkpPdf/:23qZoTjE1cPl591VwLt8fwP75pPdf/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 3788)
    • The process checks LSA protection

      • slui.exe (PID: 508)
    • Application launched itself

      • firefox.exe (PID: 5000)
      • firefox.exe (PID: 3788)
    • Create files in a temporary directory

      • firefox.exe (PID: 3788)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 152
Monitored processes: 23
Malicious processes: 0
Suspicious processes: 0

Behavior graph

[Behavior graph nodes: start; firefox.exe (multiple instances, most marked "no specs"); slui.exe (no specs)]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 5000
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://gbr01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmandrillapp.com%2Ftrack%2Fclick%2F30476375%2Fwww.nasgp.org.uk%3Fp%3DeyJzIjoicTJ2S1FVNzFqNmVhRkJYdnBEMG1hZk9HZk1nIiwidiI6MSwicCI6IntcInVcIjozMDQ3NjM3NSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3d3dy5uYXNncC5vcmcudWtcXFwvZXNwaXBcXFwvbWFuYWdlX2ludm9pY2VzLnBocFwiLFwiaWRcIjpcIjBmYTA5Y2Y5NjdlODQ2N2RhMzg4YmFlYzlmMzBiOGQ4XCIsXCJ1cmxfaWRzXCI6W1wiYzk0NTZjODJlNGE4OThjM2RjMzg1MTY3OWIzOTYyYmFhNjA0MDdiM1wiXX0ifQ&data=05%7C01%7Cp.manager3%40nhs.net%7Cf145e54fab564d990da608db3fd85ede%7C37c354b285b047f5b22207b48d774ee3%7C0%7C1%7C638173970768515601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=HAAdfZ1lOFYt2ieo%2FdE0OFrzrvfLQmyFQyr9g4GGWo4%3D&reserved=0"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 111.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
PID: 3788
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" https://gbr01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmandrillapp.com%2Ftrack%2Fclick%2F30476375%2Fwww.nasgp.org.uk%3Fp%3DeyJzIjoicTJ2S1FVNzFqNmVhRkJYdnBEMG1hZk9HZk1nIiwidiI6MSwicCI6IntcInVcIjozMDQ3NjM3NSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3d3dy5uYXNncC5vcmcudWtcXFwvZXNwaXBcXFwvbWFuYWdlX2ludm9pY2VzLnBocFwiLFwiaWRcIjpcIjBmYTA5Y2Y5NjdlODQ2N2RhMzg4YmFlYzlmMzBiOGQ4XCIsXCJ1cmxfaWRzXCI6W1wiYzk0NTZjODJlNGE4OThjM2RjMzg1MTY3OWIzOTYyYmFhNjA0MDdiM1wiXX0ifQ&data=05%7C01%7Cp.manager3%40nhs.net%7Cf145e54fab564d990da608db3fd85ede%7C37c354b285b047f5b22207b48d774ee3%7C0%7C1%7C638173970768515601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=HAAdfZ1lOFYt2ieo%2FdE0OFrzrvfLQmyFQyr9g4GGWo4%3D&reserved=0
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 111.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 7012
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.0.1144317701\1138454327" -parentBuildID 20230321111920 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 23639 -prefMapSize 237145 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d25496d-d0ef-4bdf-a3bd-787662ee9b60} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 1836 2157e899958 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 111.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 6368
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.1.1112149889\62628815" -parentBuildID 20230321111920 -prefsHandle 2196 -prefMapHandle 2192 -prefsLen 23639 -prefMapSize 237145 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {765dba68-7176-4e42-a94b-e92de66aa2ca} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 2208 2157eed4e58 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 111.0.1
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 2812
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.2.1222680548\394181234" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 22811 -prefMapSize 237145 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbda1850-ce33-4871-8fa0-8ddb59662629} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 3140 21572f96758 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 111.0.1
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 4324
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.3.1412587891\623530145" -childID 2 -isForBrowser -prefsHandle 3248 -prefMapHandle 3416 -prefsLen 25333 -prefMapSize 237145 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dfd455b-ff2a-4936-9314-d462b796d180} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 3492 21572f91258 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 111.0.1
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 6584
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.4.2121352047\456915830" -childID 3 -isForBrowser -prefsHandle 3644 -prefMapHandle 3648 -prefsLen 22986 -prefMapSize 237145 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49be1c10-2e96-4653-a012-e159e81019ff} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 3632 21584e72b58 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 111.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 4812
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.5.308518039\876968022" -parentBuildID 20230321111920 -prefsHandle 3944 -prefMapHandle 3932 -prefsLen 25552 -prefMapSize 237145 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33ad875c-e3f8-44a5-9925-535426704181} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 3952 21584eedf58 rdd
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 111.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 5036
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.6.1129307137\2018404987" -childID 4 -isForBrowser -prefsHandle 5000 -prefMapHandle 4936 -prefsLen 30810 -prefMapSize 237145 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {341f19db-9cfb-493b-bc51-b3b541c78e17} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 5048 21588dcc158 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 111.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 4072
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3788.7.802266343\280993221" -parentBuildID 20230321111920 -sandboxingKind 0 -prefsHandle 5300 -prefMapHandle 5400 -prefsLen 31028 -prefMapSize 237145 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1961f3c-b6d7-4e50-b2a5-87559120ac42} 3788 "\\.\pipe\gecko-crash-server-pipe.3788" 5412 2158a615c58 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 111.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events: 36 930
Read events: 36 916
Write events: 10
Delete events: 4

Modification events

(PID) Process: (5000) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation: delete value
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value: 3B0DF08701000000

(PID) Process: (5000) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation: delete value
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value: 1B70F08701000000

(PID) Process: (3788) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\PreXULSkeletonUISettings
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Progress
Value: 0

(PID) Process: (3788) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value: 1

(PID) Process: (3788) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (3788) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableTelemetry
Value: 1

(PID) Process: (3788) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Default Browser Agent
Operation: write
Name: C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value: 0

Executable files: 2
Suspicious files: 457
Text files: 118
Unknown types: 15

Dropped files

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\webappsstore.sqlite-wal
Type:
MD5:
SHA256:

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp
Type: binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA

PID: 3788
Process: firefox.exe
Filename: C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\profile_count_308046B0AF4A39CB.json
Type: binary
MD5: 58728D2E9D553BB2369BDB4A618ACAE5
SHA256: 7EBC652A4B5B43608F61AC1057C51EC2EC1C8E33BBEB130794E15AF72BEB42E8

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20230321111920
Type: text
MD5: 5C0F02406ABD1A7F9400EA8E0B731E72
SHA256: D9818E768B325DA54F231E7EE66376B01E6F81DCB43809BFB50AC463455D210A

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json
Type: binary
MD5: EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256: 792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\compatibility.ini
Type: text
MD5: DEBA18A64D02347AC44475F260DA8294
SHA256: 31CC635079DBD141E22E7A5ABF23B339B8FE923258FDBEFACE9511CFA809142C

PID: 3788
Process: firefox.exe
Filename: C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
Type: binary
MD5: 73FB7EE28411CA10ABCF6CBA977D101E
SHA256: 849D46105AEB4CAFCF5E3B9ED655D08AFDCC82E60AF3460FE316792292AAE1AA

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js
Type: text
MD5: 374790A733B5C083A3CABB939B8DD823
SHA256: A1CE417F44E8833D9583634C095B2D65869B4D6B34EB85DBDAAC83779456031B

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js
Type: text
MD5: 374790A733B5C083A3CABB939B8DD823
SHA256: A1CE417F44E8833D9583634C095B2D65869B4D6B34EB85DBDAAC83779456031B

PID: 3788
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\permissions.sqlite-journal
Type: binary
MD5: B9FAD2099472D85952BAE986988F7F69
SHA256: BFB184E92A02345C74D37996BE275B29652B4549D360D98F4F64FDA4E2F62BB2

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 37
TCP/UDP connections: 147
DNS requests: 222
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3788 | firefox.exe | POST | 200 | 2.16.241.8:80 | http://r3.o.lencr.org/ | unknown | der | 503 b | shared
3788 | firefox.exe | POST | 200 | 2.16.241.8:80 | http://r3.o.lencr.org/ | unknown | der | 503 b | shared
3788 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | US | text | 90 b | whitelisted
3788 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | US | text | 8 b | whitelisted
3788 | firefox.exe | POST | 200 | 2.16.241.8:80 | http://r3.o.lencr.org/ | unknown | der | 503 b | shared
3788 | firefox.exe | POST | 200 | 2.16.241.8:80 | http://r3.o.lencr.org/ | unknown | der | 503 b | shared
3788 | firefox.exe | POST | 200 | 2.16.241.8:80 | http://r3.o.lencr.org/ | unknown | der | 503 b | shared
3788 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://ocsp.pki.goog/gts1c3 | US | binary | 472 b | whitelisted
3788 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://ocsp.pki.goog/gts1c3 | US | der | 471 b | whitelisted
3788 | firefox.exe | POST | 200 | 172.217.18.3:80 | http://ocsp.pki.goog/gts1c3 | US | binary | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3788 | firefox.exe | 35.241.9.150:443 | firefox.settings.services.mozilla.com | GOOGLE | US | suspicious
3788 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted
3788 | firefox.exe | 34.98.75.36:443 | classify-client.services.mozilla.com | GOOGLE | US | suspicious
5952 | MoUsoCoreWorker.exe | 40.127.240.158:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | suspicious
3788 | firefox.exe | 35.201.103.21:443 | normandy.cdn.mozilla.net | GOOGLE | US | unknown
5756 | svchost.exe | 40.126.32.76:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3788 | firefox.exe | 142.250.186.42:443 | safebrowsing.googleapis.com | GOOGLE | US | whitelisted
3788 | firefox.exe | 2.16.241.8:80 | r3.o.lencr.org | Akamai International B.V. | DE | suspicious
3788 | firefox.exe | 52.44.135.59:443 | spocs.getpocket.com | AMAZON-AES | US | unknown
3788 | firefox.exe | 192.229.221.95:80 | status.thawte.com | EDGECAST | US | whitelisted

DNS requests

Domain | IP | Reputation
detectportal.firefox.com | 34.107.221.82 | whitelisted
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82, 2600:1901:0:38d7:: | whitelisted
gbr01.safelinks.protection.outlook.com | 104.47.20.28, 104.47.21.28, 2a01:111:f400:7e15::1a, 2a01:111:f400:7e14::1a | whitelisted
contile.services.mozilla.com | 34.117.237.239 | whitelisted
ipv4only.arpa | 192.0.0.170, 192.0.0.171 | whitelisted
example.org | 93.184.216.34 | whitelisted
spocs.getpocket.com | 52.44.135.59, 54.166.225.128, 3.210.193.78, 54.152.110.245, 54.165.39.203, 3.218.246.95, 3.226.113.135, 50.16.121.128 | shared
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com | 50.16.121.128, 3.226.113.135, 3.218.246.95, 54.165.39.203, 54.152.110.245, 3.210.193.78, 54.166.225.128, 52.44.135.59 | shared
firefox.settings.services.mozilla.com | 35.241.9.150 | whitelisted
normandy.cdn.mozilla.net | 35.201.103.21 | whitelisted

Threats

No threats detected
No debug info