c6a54cf57a5f7eaae857848b15f9367cf89f1892787d11daf0c982a40f2d8e8b

Analysis

max time kernel
84s
max time network
92s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
13/01/2024, 17:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FortniteSpoofer.html
Size

401B
MD5

4aa110024e461a0b9ee1d050a0b8a2a0
SHA1

7d23b81689da63898d12aaf3bab6096f8a58929f
SHA256

c6a54cf57a5f7eaae857848b15f9367cf89f1892787d11daf0c982a40f2d8e8b
SHA512

c28b9bc6619993ac18348936261e525a8ea9587daecc0b98a6ab2c9e6ecb95fd227482df6f8f2181657c22e8cab11e0f487fd19efe0e58879bc09b1159e12371

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3632047111-1948211978-3010235048-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2004	firefox.exe
Token: SeDebugPrivilege	2004	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 5108 wrote to memory of 2004	5108	firefox.exe	80
PID 2004 wrote to memory of 3532	2004	firefox.exe	81
PID 2004 wrote to memory of 3532	2004	firefox.exe	81
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 1740	2004	firefox.exe	83
PID 2004 wrote to memory of 3812	2004	firefox.exe	84
PID 2004 wrote to memory of 3812	2004	firefox.exe	84
PID 2004 wrote to memory of 3812	2004	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FortniteSpoofer.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\FortniteSpoofer.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.0.1336742309\1722760379" -parentBuildID 20221007134813 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96dd0826-abb9-4e28-a489-cc996dba3365} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 1884 24b11407458 gpu
    3⤵
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.1.219050064\1616584455" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc76cd7b-baa1-457c-97eb-05316de2a3bb} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 2284 24b100e6258 socket
    3⤵
    - Checks processor information in registry
    PID:1740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.2.1391171431\277704138" -childID 1 -isForBrowser -prefsHandle 3356 -prefMapHandle 3352 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1a1239-72a0-404c-936f-a64a1a5e183e} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 3368 24b15747858 tab
    3⤵
    PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.3.1367716299\1807133374" -childID 2 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {debfe1b3-5073-438b-8732-d4e85bf66718} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 3060 24b04162858 tab
    3⤵
    PID:1760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.6.1157841344\236033979" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20d50cce-a380-43df-a141-6fc95f97a504} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 5316 24b17dfad58 tab
    3⤵
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.5.744733791\141179101" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4888 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4d0bc7d-7d46-452e-b686-fe7817f1bcd7} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 4920 24b17dfa458 tab
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.4.1981842086\27243376" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83e83fbc-eb7d-4af6-a295-94258b7baec0} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 4956 24b17cbf658 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.7.1310976825\1970442951" -childID 6 -isForBrowser -prefsHandle 4700 -prefMapHandle 5656 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b30fa81-abb3-4adb-8ef0-84a8fab30e8f} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 4648 24b150bca58 tab
    3⤵
    PID:2748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.8.864915483\99511974" -childID 7 -isForBrowser -prefsHandle 4876 -prefMapHandle 4128 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36104e26-c5e0-48b2-b6d5-dd950b0399f4} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 5044 24b10391558 tab
    3⤵
    PID:4856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2920

Network

DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

52.24.152.80

shavar.prod.mozaws.net

IN A

44.239.151.67

shavar.prod.mozaws.net

IN A

34.213.155.5
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

34.213.155.5

shavar.prod.mozaws.net

IN A

44.239.151.67

shavar.prod.mozaws.net

IN A

52.24.152.80
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

8.8.8.8.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A

Response

support.mozilla.org

IN CNAME

prod.sumo.prod.webservices.mozgcp.net

prod.sumo.prod.webservices.mozgcp.net

IN CNAME

us-west1.prod.sumo.prod.webservices.mozgcp.net

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

80.152.24.52.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

80.152.24.52.in-addr.arpa

IN PTR

Response

80.152.24.52.in-addr.arpa

IN PTR

ec2-52-24-152-80 us-west-2compute amazonawscom
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

us-west1.prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

Response

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

us-west1.prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

nexusrules.officeapps.live.com

firefox.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.229.19
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.237.239:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rGLEd5rOElE5b3r75QNBGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

sec-websocket-accept: UUmkMC+jOkKCIuX6gUh8BAPZWJc=
date: Sat, 13 Jan 2024 17:15:30 GMT
Via: 1.1 google
Upgrade: websocket
Connection: Upgrade
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

52.24.152.80:443

shavar.services.mozilla.com

tls

firefox.exe

5.5kB
4.1kB
14
9
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

1.6kB
5.6kB
15
15
34.117.237.239:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.8kB
7.4kB
15
16

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

tls, http2

firefox.exe

3.5kB
5.8kB
17
12

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

2.1kB
6.1kB
17
16

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
127.0.0.1:49731

firefox.exe
127.0.0.1:49737

firefox.exe

8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

329 B
383 B
4
3

DNS Request

shavar.services.mozilla.com

DNS Response

52.24.152.80

44.239.151.67

34.213.155.5

DNS Request

shavar.prod.mozaws.net

DNS Response

34.213.155.5

44.239.151.67

52.24.152.80

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

719 B
909 B
10
6

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191

DNS Request

contile.services.mozilla.com

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

autopush.prod.mozaws.net

DNS Request

support.mozilla.org

DNS Request

support.mozilla.org

DNS Request

support.mozilla.org

DNS Request

support.mozilla.org

DNS Request

support.mozilla.org

DNS Response

34.149.128.2
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

288 B
266 B
4
3

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

autopush.prod.mozaws.net

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

599 B
1.0kB
7
7

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::

DNS Request

80.152.24.52.in-addr.arpa

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

DNS Response

34.149.128.2

DNS Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.229.19
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

219 B
314 B
3
2

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2df822836986e4e0b2813e41d41b0178

SHA1
b8b63b872f269091cf09426a2690730564f88dfd

SHA256
744deeb8d3b551d6387b31db5eeff1e802ded0b3399d5405ef53743a813f19c2

SHA512
1e48a8996e2647689a39c69161ff54f65f675e2f90fafce003a13b35cd5de7d5397775081fb60959fa25babaac46a7bfadd25bef3fdcf243b46a35c62c3462c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\pending_pings\a36ae672-3ae6-4be7-b9d1-7c51f4bf8f12

Filesize
11KB

MD5
c0890945f78383b47c89f850dd8ebcfc

SHA1
ffb91d38e8a3cbfbc01907fd12556d1cb537e106

SHA256
44985fb639684f75e5683681f5f6be7b5db943007bccd06889bfdc0c9d698846

SHA512
3c2f2ca4c5538cd39cd4726e1c0ca11ba90905360cd9c759e14243c00546a0cb5fdfb17b8fe4c31531a6a1fb9917ac86c0d498e698c51f55109ac458b6f62a32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\pending_pings\e0def735-a25c-4798-8742-3d003373a402

Filesize
746B

MD5
a540e3363002da795bb9c25fc23f8a2f

SHA1
d4c6f9407df4a4c5e57a4af4e72e932c3999ceee

SHA256
339fa742ffb3117a91219b131b396acdc9abcfcd728dc9459fbe689befd0a978

SHA512
a8624b0dfacab1eae13c6d79cb4f994c6fc1724b062773114069143a9049119e774ba8fd2ab66dcff098e9260a1c0e4c8164e3d83449b49a92bb2cdfb778cb31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\prefs-1.js

Filesize
6KB

MD5
7453181cbbd01c5cd1f81384b591023d

SHA1
ac8a687201d4526e7ff18f13c0157bbf92d1d2e7

SHA256
b81951768fef32943d09b9373d990a4ea0c1b7aec377ffdee96501240bc48bb3

SHA512
eed60965858752a887c2d01b84bb69b214882a2b08de25dbe9dd2596295d3c95e3067f55edb8f18e4a83bad22fca3785a6625e673c50d054cefe48777942d4c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
992B

MD5
50677de7a8ac31731d24d7ceed7c62b0

SHA1
83db0442ef895cee538a104d35de292b253564be

SHA256
44111b42cf598b3897df7df2a1be676b681f83ef6dd282ce8dc52e6cf188dd49

SHA512
f3ebfebc1f01ed9e50668d6a1944f0682bea758b386b8f31896806453170e28f6ff29b7cbcf8dd6d45d4b567db5d2edf0bab6d83deb44dd64aca08c57548fc9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
869be10503022f9a28a33bfef8599af8

SHA1
cc7f37e41441bc1ecd4100f2e9a28be0857e5d36

SHA256
746b051fdc05712bf7112d6465bc138426fced6b791b28295bbd973486962239

SHA512
24d9fbd190d1fc8faf24ef728b8243878601b4272afa574817a055fff8842454466585b82e3f39bbd36b3db25b9613a84859794cb93035797bc85f2f0a26da8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
327b29236f5de2ef44320cc813820d25

SHA1
c7b51f62f4018849b390bf73365310ba13fc8a47

SHA256
5cc14179df7f88d0e8bda689a6609b37490269fc81db526019865b0e5663ef13

SHA512
45f50ea6dd9a974469ecc461c169af75bb9ff525517d969e2078f6839bc8c1cda5d31662ae2508b5f765e1ba3507038f6e301390e33d7147b37559ab3bccdbc0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.