6ec15af1bc5b6d5c960a01769eac364ec3a219e5391b4f82ed7e97ed29665322

Resubmissions

15/05/2023, 17:14 UTC

230515-vsctcafa81 6

15/05/2023, 17:11 UTC

230515-vqmkrsgf24 1

15/05/2023, 17:10 UTC

230515-vp4gwsfa7z 1

Analysis

max time kernel
67s
max time network
129s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
15/05/2023, 17:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

16KB
MD5

97d64f3958d236e4b24ad96be8aed5ed
SHA1

87eb717af41b5c189f7e5022abb284fb87c62820
SHA256

6ec15af1bc5b6d5c960a01769eac364ec3a219e5391b4f82ed7e97ed29665322
SHA512

787b827e39c4637043fa2cb3d2f78a5180b2f836c79826fe3514aefdfbb51356fac9e40e2a6d0de9c1036e6bd6e3e38a2fae32e5c9479468f9b9d427485e98e7
SSDEEP

384:ry1ajhn8DpmRgVoOsKKElKeGMmU8HhhbPUf7628B2dBJCBXQL:rqUSfVoOsKNI1MsBhbsTE+JQQL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10cb2ab86187d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31033185"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3063411741"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3063411741"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e356a5b32a00045a8a80319a7d3098d00000000020000000000106600000001000020000000a92dc9f24c89ab32ca94fcaf3001196d51e4d9440b52c9d586697a7f07fa5e64000000000e800000000200002000000030cd7a14aca0024c9ebaff7bc1612c5937d1b788fa88d495163b5219133358de200000007dcda9672ed289b76363b9c099ef8973307008127066ea9b41f8d236f64f248b40000000e4cf398bf1220cf71a0fbe36777ef3bd800e74f36f17ee745f090cd8cc9ea7e04da7577803ebca65120a45a66b37538e77ffa316510424281962ea60eb62fb4d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31033185"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b817b86187d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E213D7B0-F354-11ED-B673-EA2BA4E38CBA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e356a5b32a00045a8a80319a7d3098d00000000020000000000106600000001000020000000dfe1bb9554dd6330b49496bebafe21875e44a8c1573f4d45a70bcc5f2fd6eeaa000000000e800000000200002000000077df414336456d1b25401bc41f4145ac4b193a9305f9758767745f654990166220000000eee3b2411549d1c16fe3064407dcd2874801adbb163b69f409f9b24d4d34e68140000000aeb1d8af6d47ab88e7edf88b3d4a36ebf18ccc178a2f2b0706c0034b2c6514ffe48fc11599ba41dca6693e7ec96f43f215f4a76b8f7b6e213d46df5749065bb1	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4548	firefox.exe
Token: SeDebugPrivilege	4548	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4048	iexplore.exe
4548	firefox.exe
4548	firefox.exe
4548	firefox.exe
4548	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4548	firefox.exe
4548	firefox.exe
4548	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4048	iexplore.exe
4048	iexplore.exe
4596	IEXPLORE.EXE
4596	IEXPLORE.EXE
4596	IEXPLORE.EXE
4596	IEXPLORE.EXE
4548	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 4596	4048	iexplore.exe	66
PID 4048 wrote to memory of 4596	4048	iexplore.exe	66
PID 4048 wrote to memory of 4596	4048	iexplore.exe	66
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4928 wrote to memory of 4548	4928	firefox.exe	69
PID 4548 wrote to memory of 1756	4548	firefox.exe	70
PID 4548 wrote to memory of 1756	4548	firefox.exe	70
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71
PID 4548 wrote to memory of 3572	4548	firefox.exe	71

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4048 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.0.1739185082\1605752847" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b93cc950-e6ae-4566-a844-b1c5c5ad0320} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 1752 18c42518658 gpu
    3⤵
    PID:1756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.1.2007611967\1145942126" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfbc1b0c-d0bb-4b0a-9108-ac3278f0eaa3} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 2104 18c41443c58 socket
    3⤵
    - Checks processor information in registry
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.2.1828876774\1150425975" -childID 1 -isForBrowser -prefsHandle 2760 -prefMapHandle 2736 -prefsLen 21117 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {027bdc99-afbc-43aa-8dc5-70634afd6a5e} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 2500 18c45e54158 tab
    3⤵
    PID:784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.3.662230385\634913736" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ab14bb2-42bf-40e4-afbd-2ddade51ad75} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 3564 18c2f562258 tab
    3⤵
    PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.4.1913691529\419336297" -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 4348 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f19204-5386-45ef-9ad0-8ce719bbdec7} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 4360 18c47f0ee58 tab
    3⤵
    PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.5.546942559\879009229" -childID 4 -isForBrowser -prefsHandle 4592 -prefMapHandle 4620 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1c0f82e-d41e-4b87-91f9-ee1d73fedf5e} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 4600 18c4813a658 tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.7.394736181\731088625" -childID 6 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e717801f-3c3e-4a7b-91ae-bc2f1bab250b} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 5204 18c48525058 tab
    3⤵
    PID:4224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.6.1442014830\1024926794" -childID 5 -isForBrowser -prefsHandle 4892 -prefMapHandle 4348 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf1b9b0b-2416-4721-be9c-17c9574b244a} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 5032 18c48524158 tab
    3⤵
    PID:3772

Network

DNS

58.250.217.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.250.217.23.in-addr.arpa

IN PTR

Response

58.250.217.23.in-addr.arpa

IN PTR

a23-217-250-58deploystaticakamaitechnologiescom
GET

https://ieonline.microsoft.com/ie/known_providers_download_v1.xml

iexplore.exe

Remote address:

204.79.197.200:443

Request

GET /ie/known_providers_download_v1.xml HTTP/2.0
host: ieonline.microsoft.com
accept: */*
accept-language: en-US
ua-cpu: AMD64
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
cookie: MUID=36DE710B6B5E6BBB21D963B56A096A7D; _EDGE_V=1; MUIDB=36DE710B6B5E6BBB21D963B56A096A7D

Response

HTTP/2.0 200

cache-control: public, max-age=15552000
content-length: 90518
content-type: text/xml
last-modified: Thu, 20 Feb 2020 01:30:24 GMT
set-cookie: SUID=M; domain=.microsoft.com; expires=Tue, 16-May-2023 05:15:51 GMT; path=/; HttpOnly
set-cookie: _EDGE_S=SID=0EF3D07C47C86F970D37C36E46626E6D; domain=.microsoft.com; path=/; HttpOnly
set-cookie: MUIDB=36DE710B6B5E6BBB21D963B56A096A7D; expires=Sat, 08-Jun-2024 17:15:51 GMT; path=/; HttpOnly
x-eventid: 646268c7b7b54d388cf6c06a705d4424
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BBFEF1D0E8374473A230BB45EE60401D Ref B: DUS30EDGE0920 Ref C: 2023-05-15T17:15:51Z
date: Mon, 15 May 2023 17:15:50 GMT
GET

http://www.bing.com/favicon.ico

iexplore.exe

Remote address:

204.79.197.200:80

Request

GET /favicon.ico HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: www.bing.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cache-Control: public, max-age=15552000
Content-Length: 4286
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
X-Cache: TCP_HIT
X-EventID: 645820d325c446d784be220c933c6533
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-MSEdge-Ref: Ref A: E983E72D54E842E5A3E735AAB436315D Ref B: AMS04EDGE2615 Ref C: 2023-05-15T17:15:51Z
Date: Mon, 15 May 2023 17:15:50 GMT
DNS

76.38.195.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.38.195.152.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

getpocket.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

getpocket.cdn.mozilla.net

IN A

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

34.149.100.209
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.117.65.55
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

54.212.210.58

shavar.prod.mozaws.net

IN A

52.89.245.71

shavar.prod.mozaws.net

IN A

44.225.227.241

shavar.prod.mozaws.net

IN A

54.149.33.35

shavar.prod.mozaws.net

IN A

44.226.253.107

shavar.prod.mozaws.net

IN A

52.88.229.135
GET

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

firefox.exe

Remote address:

34.120.5.221:443

Request

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 225
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Content-Length, Content-Type, Alert
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 15 May 2023 17:01:58 GMT
last-modified: Mon, 15 May 2023 16:27:42 GMT
content-type: application/json
age: 839
content-type: application/json
age: 839
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=hijack-blocklists&bucket=main&_expected=0

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?collection=hijack-blocklists&bucket=main&_expected=0 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 225
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Content-Length, Content-Type, Alert
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 15 May 2023 17:01:58 GMT
last-modified: Mon, 15 May 2023 16:27:42 GMT
content-type: application/json
age: 839
content-type: application/json
age: 839
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 225
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Content-Length, Content-Type, Alert
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 15 May 2023 17:01:58 GMT
last-modified: Mon, 15 May 2023 16:27:42 GMT
content-type: application/json
age: 839
content-type: application/json
age: 839
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 681
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Last-Modified, ETag, Cache-Control, Backoff, Alert, Content-Type, Pragma
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 15 May 2023 16:30:15 GMT
age: 2742
last-modified: Wed, 10 May 2023 00:00:12 GMT
etag: "1683676812118"
content-type: application/json
content-type: application/json
age: 839
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.237.239:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.117.65.55
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

34.149.100.209
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN AAAA

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.117.65.55:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NfkGbseu6Jf3y0Ckppwxqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VZDVz82HNkTR6DtW/i//EjPnwmw=
Date: Mon, 15 May 2023 17:15:57 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

44.226.253.107

shavar.prod.mozaws.net

IN A

44.225.227.241

shavar.prod.mozaws.net

IN A

54.212.210.58

shavar.prod.mozaws.net

IN A

54.149.33.35

shavar.prod.mozaws.net

IN A

52.89.245.71

shavar.prod.mozaws.net

IN A

52.88.229.135
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

221.5.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

221.5.120.34.in-addr.arpa

IN PTR

Response

221.5.120.34.in-addr.arpa

IN PTR

221512034bcgoogleusercontentcom
DNS

209.100.149.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.100.149.34.in-addr.arpa

IN PTR

Response

209.100.149.34.in-addr.arpa

IN PTR

20910014934bcgoogleusercontentcom
DNS

239.237.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.237.117.34.in-addr.arpa

IN PTR

Response

239.237.117.34.in-addr.arpa

IN PTR

23923711734bcgoogleusercontentcom
DNS

58.210.212.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.210.212.54.in-addr.arpa

IN PTR

Response

58.210.212.54.in-addr.arpa

IN PTR

ec2-54-212-210-58 us-west-2compute amazonawscom
DNS

55.65.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.65.117.34.in-addr.arpa

IN PTR

Response

55.65.117.34.in-addr.arpa

IN PTR

556511734bcgoogleusercontentcom
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

191.144.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

191.144.160.34.in-addr.arpa

IN PTR

Response

191.144.160.34.in-addr.arpa

IN PTR

19114416034bcgoogleusercontentcom
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

62.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.13.109.52.in-addr.arpa

IN PTR

Response

204.79.197.200:443

https://ieonline.microsoft.com/ie/known_providers_download_v1.xml

tls, http2

iexplore.exe

5.1kB
103.5kB
96
93

HTTP Request

GET https://ieonline.microsoft.com/ie/known_providers_download_v1.xml

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls, http2

iexplore.exe

1.2kB
8.1kB
16
14
204.79.197.200:80

www.bing.com

iexplore.exe

144 B
52 B
3
1
204.79.197.200:80

http://www.bing.com/favicon.ico

http

iexplore.exe

589 B
5.5kB
8
6

HTTP Request

GET http://www.bing.com/favicon.ico

HTTP Response

200
127.0.0.1:49743

firefox.exe
34.120.5.221:443

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

tls, http2

firefox.exe

2.2kB
52.7kB
22
47

HTTP Request

GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

firefox.exe

1.0kB
5.3kB
11
10
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

tls, http2

firefox.exe

2.4kB
8.3kB
20
21

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=hijack-blocklists&bucket=main&_expected=0

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
34.117.237.239:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.8kB
7.9kB
16
19

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
54.212.210.58:443

shavar.services.mozilla.com

tls

firefox.exe

2.2kB
4.1kB
10
9
34.117.65.55:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.9kB
6.1kB
12
15

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

1.9kB
11.8kB
17
23
127.0.0.1:49751

firefox.exe
13.69.239.73:443

322 B
7
93.184.221.240:80

322 B
7

8.8.8.8:53

58.250.217.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

58.250.217.23.in-addr.arpa
8.8.8.8:53

76.38.195.152.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

76.38.195.152.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

getpocket.cdn.mozilla.net

dns

firefox.exe

71 B
174 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

34.120.5.221
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.117.65.55
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
205 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

54.212.210.58

52.89.245.71

44.225.227.241

54.149.33.35

44.226.253.107

52.88.229.135
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.120.5.221
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.117.65.55
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
110 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:524c::
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
167 B
1
1

DNS Request

firefox.settings.services.mozilla.com
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
164 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

44.226.253.107

44.225.227.241

54.212.210.58

54.149.33.35

52.89.245.71

52.88.229.135
34.149.100.209:443

firefox.settings.services.mozilla.com

https

firefox.exe

1.9kB
5.8kB
6
7
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

221.5.120.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

221.5.120.34.in-addr.arpa
8.8.8.8:53

209.100.149.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

209.100.149.34.in-addr.arpa
8.8.8.8:53

239.237.117.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

239.237.117.34.in-addr.arpa
8.8.8.8:53

58.210.212.54.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

58.210.212.54.in-addr.arpa
8.8.8.8:53

55.65.117.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

55.65.117.34.in-addr.arpa
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

191.144.160.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

191.144.160.34.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

62.13.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

62.13.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp

Filesize
153KB

MD5
f4cff622b3112e682a7a25d7487d0039

SHA1
e61560535d47f846ecd51c12b8e0bc5865dc8e47

SHA256
03f6834cb35fced7c3f44f2494def45073d107ddd50fed82f7b610d6cf47ab76

SHA512
7c54905e23e255f425ad7c22ee057580c1f0159915afc09066f437a74eba3e1bee6d7f54a57872a4cc166e01713d449d6868ec1cde175a4d378e04ebee75ca10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kno6508.tmp

Filesize
88KB

MD5
002d5646771d31d1e7c57990cc020150

SHA1
a28ec731f9106c252f313cca349a68ef94ee3de9

SHA256
1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

SHA512
689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js

Filesize
6KB

MD5
f843fc3b858888d342076c7199266348

SHA1
97dea7b7d8486f03cc085ef488fda80fe53515a0

SHA256
19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4

SHA512
9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore.jsonlz4

Filesize
882B

MD5
d9684487ab94e74143549f306e0c0d51

SHA1
72c41c09d2a26adae32765faf28de0af7434e9ad

SHA256
f6f4d98ce244b94cf43b876ff713363dc9f734fb2cdbb56a97c5ccbc5cd383fd

SHA512
da17992eaa985c66d28348d87a0fb7448bcbf3e63e6b8d38095a9beeb3adae9d0d4c82c26e5c9b1c53ef532c75162eb68e7c344d14f75d829ad05b8975a21332

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.