URL:

http://url4659.orders.vanillagift.com/ls/click?upn=u001.4gSefN7qGt7uZc-2BljvSfDuK9c6f7zz-2BRDdNLkOmxp-2BfCpVRV4q5JSM05F18NmhW9aTh4D-2B-2FvKc3l62XSGdMxHFJbFXgzJEKT0hVTtDizqEyIjpaZNelQN-2FgZXIJ2PCNcXi3P0gj9VUFYr-2F5jRl4FtEdya2QT0Mr6bx4ECF7mIbIEfVy1W3Riuld0ZbWpiEZnTvgal-2FKw8wXfFueScc-2FwwZBZgO020KEupe00xWLgVO22-2F6fwLzClVS7hHq1-2BFFKSE2Q4OozXsZPFvO5HIMeA7o1PWDIhqonzCfXLSFyZ6uCTr7BtKxsaqzAYEdBjkKIu-2BodCaVUIyO0iyC3l-2F1pxtV6n6P8oSiFoCNW5MWoPJDJqWDRuHeaPoOSzJLm2PWC1FxLxzjevcoGw5k9lU17qIw-3D-3Dgp3D_Yp4ydSxZWNatis3HtI6bBpbU1Z1hmMBopz8tIlj64wHOfIwcJ0N0LrZQv8ixMLvk9GN1vZEz8jcNf1WzXocuyg8hpbR15eqmxLU-2Fju-2BXcH75Tmcr6zh5f4lOzN7qL8Qh1mirFD9czzwPoMHBgnbtxfQvl14H8XwBSx08G-2FG9UtR6Wr3WpMRUppx34f7GmKSfLz-2B-2FX5YgE2aQ56VobOPQAs409Zef9HUznMfyifk-2FtVTbRyBeAN6Db0Ne4VO9oeJOIUejErTVgMVAsNXCrll-2Bl-2B1ZWtQRxUsQVjydREgRsuw-3D

Full analysis: https://app.any.run/tasks/888a012f-9d18-4085-a70c-c93dbba8241b
Verdict: Malicious activity
Analysis date: June 27, 2024, 17:42:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

E67D88A34DB133E474EAA1286C7CE987

SHA1:

B0CA4075707296521E625CE91F8984E636686466

SHA256:

EDA30FE41E4242DD8878B5936B93BC7DBBBE6D816B53DC7D813BC00920FD805B

SSDEEP:

24:Y3tsGXoKJxAXfeJTxuUSzsZ2LWmT/MHfYK1Czey:SDXnxqfJfso5TcfP1Cx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • firefox.exe (PID: 3400)
      • firefox.exe (PID: 3332)

    • Connects to unusual port

      • firefox.exe (PID: 3332)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
52
Monitored processes
15
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
368"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.8.1647495023\1196528157" -childID 7 -isForBrowser -prefsHandle 4240 -prefMapHandle 4084 -prefsLen 29313 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cee67a58-7818-4bf3-9827-fe989353f559} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 4008 218e9c90 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
540"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.1.542972165\941864743" -parentBuildID 20230710165010 -prefsHandle 1408 -prefMapHandle 1404 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9c2476d-b31a-441e-9ac3-167861ce2799} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 1420 d42a010 socketC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1168"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.6.690201816\1175208139" -childID 5 -isForBrowser -prefsHandle 3928 -prefMapHandle 3868 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {147a3f9b-933a-4111-9e32-07a5c91ee309} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 3904 216c49b0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2016"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.5.1382647774\18002969" -childID 4 -isForBrowser -prefsHandle 1968 -prefMapHandle 3320 -prefsLen 29209 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {036c381b-241e-43ab-afc7-43d9ca0cddd6} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 1988 21688e00 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2300"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.0.1736020339\2070372092" -parentBuildID 20230710165010 -prefsHandle 1112 -prefMapHandle 1104 -prefsLen 28523 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66c32492-5de3-4eb6-864d-0e880edf1f3a} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 1184 d4ab510 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2672"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.11.995975599\1001974844" -parentBuildID 20230710165010 -sandboxingKind 1 -prefsHandle 3136 -prefMapHandle 8352 -prefsLen 34566 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59141120-1dbc-4c63-8843-69e1a657bb06} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 8240 20f375e0 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2680"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.10.1065512982\1071146175" -parentBuildID 20230710165010 -prefsHandle 4244 -prefMapHandle 3116 -prefsLen 34566 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4293a0e2-8a22-458b-9364-7dde2b75f0ca} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 3124 23003120 rddC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2864"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.12.490789623\521531443" -childID 9 -isForBrowser -prefsHandle 3776 -prefMapHandle 2228 -prefsLen 31122 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34daa445-499c-45f7-bbd5-61c4684645af} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 3792 1fff2b20 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2872"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.9.1221520815\1040330835" -childID 8 -isForBrowser -prefsHandle 8344 -prefMapHandle 4392 -prefsLen 29313 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef92484d-e923-4f55-b92e-9a4dbdf0dd8a} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 8336 23ad0280 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
3072"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3332.2.1939442154\1055425716" -childID 1 -isForBrowser -prefsHandle 1960 -prefMapHandle 1956 -prefsLen 24491 -prefMapSize 244195 -jsInitHandle 924 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b06320d3-1d1e-414a-b9db-2af39c549bc8} 3332 "\\.\pipe\gecko-crash-server-pipe.3332" 1844 12b75e00 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
Total events
17 892
Read events
17 849
Write events
38
Delete events
5

Modification events

(PID) Process:(3400) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
7546564400000000
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
9833584400000000
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Installer\308046B0AF4A39CB
Operation:delete valueName:installer.taskbarpin.win10.enabled
Value:
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
0
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Theme
Value:
1
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Enabled
Value:
1
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableTelemetry
Value:
1
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value:
0
(PID) Process:(3332) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|SetDefaultBrowserUserChoice
Value:
1
Executable files
0
Suspicious files
150
Text files
30
Unknown types
1

Dropped files

PID
Process
Filename
Type
3332firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.jstext
MD5:A4C0253717519EB0B07D5D8DD14F5D02
SHA256:115B88AA451EA9D5CD010C60DB4B97759E55ECE806CF6C4EBA737C6290C0D044
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db-journalbinary
MD5:812B38E3DA4777C4A82BBDF96E939005
SHA256:84A9336845BC981746EDD7AD368B2C8FE0CF5BC04935014D5847ABD6CA53DD72
3332firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\activity-stream.discovery_stream.json.tmpbinary
MD5:A52894E89F994B5B65D34C280A2C6625
SHA256:1933DDF07DB5CF0E87324C745BD33F663569EAF42921A4861382E0147934F2E9
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\glean\db\data.safe.bindbf
MD5:C58234A092F9D899F0A623E28A4AB9DB
SHA256:EAEC709A98B57CD9C054A205F9BFA76C7424DB2845C077822804F31E16AC134C
3332firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite-journalbinary
MD5:F1EE626C7C145CA882B8F229D6337C12
SHA256:60650D11B0AD4E73F2E5A02784F25043317077E514A4E02B7B6CE2851381A252
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
115
DNS requests
211
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3332
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
unknown
3332
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
unknown
3332
firefox.exe
GET
302
167.89.123.124:80
http://url4659.orders.vanillagift.com/ls/click?upn=u001.4gSefN7qGt7uZc-2BljvSfDuK9c6f7zz-2BRDdNLkOmxp-2BfCpVRV4q5JSM05F18NmhW9aTh4D-2B-2FvKc3l62XSGdMxHFJbFXgzJEKT0hVTtDizqEyIjpaZNelQN-2FgZXIJ2PCNcXi3P0gj9VUFYr-2F5jRl4FtEdya2QT0Mr6bx4ECF7mIbIEfVy1W3Riuld0ZbWpiEZnTvgal-2FKw8wXfFueScc-2FwwZBZgO020KEupe00xWLgVO22-2F6fwLzClVS7hHq1-2BFFKSE2Q4OozXsZPFvO5HIMeA7o1PWDIhqonzCfXLSFyZ6uCTr7BtKxsaqzAYEdBjkKIu-2BodCaVUIyO0iyC3l-2F1pxtV6n6P8oSiFoCNW5MWoPJDJqWDRuHeaPoOSzJLm2PWC1FxLxzjevcoGw5k9lU17qIw-3D-3Dgp3D_Yp4ydSxZWNatis3HtI6bBpbU1Z1hmMBopz8tIlj64wHOfIwcJ0N0LrZQv8ixMLvk9GN1vZEz8jcNf1WzXocuyg8hpbR15eqmxLU-2Fju-2BXcH75Tmcr6zh5f4lOzN7qL8Qh1mirFD9czzwPoMHBgnbtxfQvl14H8XwBSx08G-2FG9UtR6Wr3WpMRUppx34f7GmKSfLz-2B-2FX5YgE2aQ56VobOPQAs409Zef9HUznMfyifk-2FtVTbRyBeAN6Db0Ne4VO9oeJOIUejErTVgMVAsNXCrll-2Bl-2B1ZWtQRxUsQVjydREgRsuw-3D
unknown
unknown
3332
firefox.exe
POST
200
184.24.77.62:80
http://r3.o.lencr.org/
unknown
unknown
3332
firefox.exe
POST
200
184.24.77.62:80
http://r10.o.lencr.org/
unknown
unknown
3332
firefox.exe
POST
200
184.24.77.62:80
http://r10.o.lencr.org/
unknown
unknown
3332
firefox.exe
POST
200
216.58.206.35:80
http://o.pki.goog/wr2
unknown
unknown
3332
firefox.exe
POST
200
184.24.77.62:80
http://r3.o.lencr.org/
unknown
unknown
3332
firefox.exe
POST
200
104.18.38.233:80
http://ocsp.sectigo.com/
unknown
unknown
3332
firefox.exe
POST
200
184.24.77.52:80
http://r3.o.lencr.org/
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
2564
svchost.exe
239.255.255.250:3702
whitelisted
1372
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3332
firefox.exe
34.117.188.166:443
contile.services.mozilla.com
unknown
3332
firefox.exe
142.250.186.106:443
safebrowsing.googleapis.com
whitelisted
3332
firefox.exe
167.89.123.124:80
url4659.orders.vanillagift.com
SENDGRID
US
unknown
3332
firefox.exe
34.107.243.93:443
push.services.mozilla.com
GOOGLE
US
unknown
3332
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 34.107.221.82
whitelisted
url4659.orders.vanillagift.com
  • 167.89.123.124
  • 167.89.123.204
  • 167.89.118.120
  • 167.89.118.52
  • 167.89.123.54
  • 167.89.118.83
unknown
sendgrid.net
  • 167.89.118.52
  • 167.89.123.124
  • 167.89.118.83
  • 167.89.123.54
  • 167.89.118.120
  • 167.89.123.204
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
shared
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted

Threats

PID
Process
Class
Message
540
firefox.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
540
firefox.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
540
firefox.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://url4659.orders.vanillagift.com/ls/click?upn=u001.4gSefN7qGt7uZc-2BljvSfDuK9c6f7zz-2BRDdNLkOmxp-2BfCpVRV4q5JSM05F18NmhW9aTh4D-2B-2FvKc3l62XSGdMxHFJbFXgzJEKT0hVTtDizqEyIjpaZNelQN-2FgZXIJ2PCNcXi3P0gj9VUFYr-2F5jRl4FtEdya2QT0Mr6bx4ECF7mIbIEfVy1W3Riuld0ZbWpiEZnTvgal-2FKw8wXfFueScc-2FwwZBZgO020KEupe00xWLgVO22-2F6fwLzClVS7hHq1-2BFFKSE2Q4OozXsZPFvO5HIMeA7o1PWDIhqonzCfXLSFyZ6uCTr7BtKxsaqzAYEdBjkKIu-2BodCaVUIyO0iyC3l-2F1pxtV6n6P8oSiFoCNW5MWoPJDJqWDRuHeaPoOSzJLm2PWC1FxLxzjevcoGw5k9lU17qIw-3D-3Dgp3D_Yp4ydSxZWNatis3HtI6bBpbU1Z1hmMBopz8tIlj64wHOfIwcJ0N0LrZQv8ixMLvk9GN1vZEz8jcNf1WzXocuyg8hpbR15eqmxLU-2Fju-2BXcH75Tmcr6zh5f4lOzN7qL8Qh1mirFD9czzwPoMHBgnbtxfQvl14H8XwBSx08G-2FG9UtR6Wr3WpMRUppx34f7GmKSfLz-2B-2FX5YgE2aQ56VobOPQAs409Zef9HUznMfyifk-2FtVTbRyBeAN6Db0Ne4VO9oeJOIUejErTVgMVAsNXCrll-2Bl-2B1ZWtQRxUsQVjydREgRsuw-3D