Analysis

  • max time kernel
    160s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-de
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-de locale:de-de os:windows10-2004-x64 system windows
  • submitted
    27/02/2024, 20:47 UTC

General

  • Target

    GOTOBED (64bit)/Go To Bed_Data/Managed/Assembly-CSharp.dll

  • Size

    66KB

  • MD5

    3af8a54899e814e355dec2ee7faa578f

  • SHA1

    498c864ffb7788358044766004ea3e0a4dd7780b

  • SHA256

    1e56549c59169ca7caae6cb773b7da1380f515db7c5fa936216c0e3d0338cb55

  • SHA512

    1bd4fef6b08b4ad9abc377cdb548fdde17fd661fd405dfcb668ca345e8e076497b5cdc5d94c6b1a143144caece9d6dd88b1e4cec4b16f30267c7339a84d05d2b

  • SSDEEP

    1536:qtLDM25PA/ajACq+5/S2pTCnRT45+4CD:qVlAoJqC/S2xCnRT45+46

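Score
1/10

Note: no signatures matched and no malware config was extracted in this run. The sample was loaded only through rundll32.exe with ordinal #1 (see Processes). If Assembly-CSharp.dll is a managed .NET assembly without native exports, as its "Managed" directory suggests, its code would not have executed, so this score reflects limited execution coverage rather than a clean verdict.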

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\GOTOBED (64bit)\Go To Bed_Data\Managed\Assembly-CSharp.dll",#1
    1⤵
      PID:1256
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.1.1017085493\674460569" -parentBuildID 20221007134813 -prefsHandle 1944 -prefMapHandle 1904 -prefsLen 17556 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae4bf0ff-7252-428a-8219-ddaf06641c4b} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 1956 21d353f7958 socket
      1⤵
        PID:952
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.3.1654890969\366998242" -childID 2 -isForBrowser -prefsHandle 1336 -prefMapHandle 1684 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33cc54af-d874-4c60-a921-7d446a97ed3a} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 1340 280c4671b58 tab
        1⤵
          PID:1880
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.4.1268595646\778639462" -childID 3 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d67c6a2a-37f8-4c2a-9f39-0c61f9ea0ffd} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 3484 280c4661558 tab
          1⤵
            PID:1652
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.5.1333852396\1651616625" -childID 4 -isForBrowser -prefsHandle 4740 -prefMapHandle 4748 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3de51ee-421b-4fe9-9f47-39cd1223180d} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 4720 280d1f45e58 tab
            1⤵
              PID:5132
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.6.138545846\1792710197" -childID 5 -isForBrowser -prefsHandle 4896 -prefMapHandle 4900 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {353ce7e6-77a8-48fc-ae99-b66c42e0c9a3} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 4880 280d6258a58 tab
              1⤵
                PID:5160
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.7.694481857\574356671" -childID 6 -isForBrowser -prefsHandle 5136 -prefMapHandle 4988 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d8f2c40-58a5-46f0-a917-7b2cb2c0cb21} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 5124 280d6259058 tab
                1⤵
                  PID:5172
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:5904
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1596.8.1284396081\1760956094" -childID 7 -isForBrowser -prefsHandle 5616 -prefMapHandle 5612 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f54d3b3-96c9-44f3-94f4-8e407be671ca} 1596 "\\.\pipe\gecko-crash-server-pipe.1596" 5624 280d80f6858 tab
                    1⤵
                      PID:6104

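                    Network

                    Note: the HTTP requests below carry a Firefox/105.0 User-Agent, and the named hosts are Mozilla services and connectivity checks, consistent with the firefox.exe processes listed above. Nothing on this page attributes any of this traffic to the rundll32.exe process that loaded the sample.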

                    • flag-us
                      DNS
                      133.32.126.40.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      133.32.126.40.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      9.228.82.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      9.228.82.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      18.179.17.96.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      18.179.17.96.in-addr.arpa
                      IN PTR
                      Response
                      18.179.17.96.in-addr.arpa
                      IN PTR
                      a96-17-179-18.deploy.static.akamaitechnologies.com
                    • flag-us
                      DNS
                      11.2.37.23.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      11.2.37.23.in-addr.arpa
                      IN PTR
                      Response
                      11.2.37.23.in-addr.arpa
                      IN PTR
                      a23-37-2-11.deploy.static.akamaitechnologies.com
                    • flag-us
                      DNS
                      contile.services.mozilla.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      contile.services.mozilla.com
                      IN A
                      Response
                      contile.services.mozilla.com
                      IN A
                      34.117.237.239
                    • flag-us
                      DNS
                      content-signature-2.cdn.mozilla.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      content-signature-2.cdn.mozilla.net
                      IN A
                      Response
                      content-signature-2.cdn.mozilla.net
                      IN CNAME
                      content-signature-chains.prod.autograph.services.mozaws.net
                      content-signature-chains.prod.autograph.services.mozaws.net
                      IN CNAME
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                      34.160.144.191
                    • flag-us
                      DNS
                      shavar.services.mozilla.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.services.mozilla.com
                      IN A
                      Response
                      shavar.services.mozilla.com
                      IN CNAME
                      shavar.prod.mozaws.net
                      shavar.prod.mozaws.net
                      IN A
                      34.211.173.98
                      shavar.prod.mozaws.net
                      IN A
                      44.237.149.213
                      shavar.prod.mozaws.net
                      IN A
                      44.239.242.57
                    • flag-us
                      DNS
                      push.services.mozilla.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      push.services.mozilla.com
                      IN A
                      Response
                      push.services.mozilla.com
                      IN CNAME
                      autopush.prod.mozaws.net
                      autopush.prod.mozaws.net
                      IN A
                      34.107.243.93
                    • flag-us
                      DNS
                      firefox.settings.services.mozilla.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      firefox.settings.services.mozilla.com
                      IN A
                      Response
                      firefox.settings.services.mozilla.com
                      IN CNAME
                      prod.remote-settings.prod.webservices.mozgcp.net
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.149.100.209
                    • flag-us
                      DNS
                      contile.services.mozilla.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      contile.services.mozilla.com
                      IN A
                      Response
                      contile.services.mozilla.com
                      IN A
                      34.117.237.239
                    • flag-us
                      DNS
                      autopush.prod.mozaws.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      autopush.prod.mozaws.net
                      IN A
                      Response
                      autopush.prod.mozaws.net
                      IN A
                      34.107.243.93
                    • flag-us
                      DNS
                      shavar.prod.mozaws.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN A
                      Response
                      shavar.prod.mozaws.net
                      IN A
                      34.211.173.98
                      shavar.prod.mozaws.net
                      IN A
                      44.237.149.213
                      shavar.prod.mozaws.net
                      IN A
                      44.239.242.57
                    • flag-us
                      DNS
                      autopush.prod.mozaws.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      autopush.prod.mozaws.net
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      shavar.prod.mozaws.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      contile.services.mozilla.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      contile.services.mozilla.com
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      prod.remote-settings.prod.webservices.mozgcp.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.149.100.209
                    • flag-us
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                      34.160.144.191
                    • flag-us
                      DNS
                      prod.remote-settings.prod.webservices.mozgcp.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN AAAA
                      2600:1901:0:92a9::
                    • flag-us
                      DNS
                      183.59.114.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      183.59.114.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      98.173.211.34.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      98.173.211.34.in-addr.arpa
                      IN PTR
                      Response
                      98.173.211.34.in-addr.arpa
                      IN PTR
                      ec2-34-211-173-98.us-west-2.compute.amazonaws.com
                    • flag-us
                      DNS
                      198.187.3.20.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      198.187.3.20.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      134.71.91.104.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      134.71.91.104.in-addr.arpa
                      IN PTR
                      Response
                      134.71.91.104.in-addr.arpa
                      IN PTR
                      a104-91-71-134.deploy.static.akamaitechnologies.com
                    • flag-us
                      DNS
                      31.179.17.96.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      31.179.17.96.in-addr.arpa
                      IN PTR
                      Response
                      31.179.17.96.in-addr.arpa
                      IN PTR
                      a96-17-179-31.deploy.static.akamaitechnologies.com
                    • flag-us
                      DNS
                      www.google.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN A
                      Response
                      www.google.com
                      IN A
                      74.125.193.147
                      www.google.com
                      IN A
                      74.125.193.106
                      www.google.com
                      IN A
                      74.125.193.105
                      www.google.com
                      IN A
                      74.125.193.103
                      www.google.com
                      IN A
                      74.125.193.99
                      www.google.com
                      IN A
                      74.125.193.104
                    • flag-us
                      DNS
                      www.google.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN A
                      Response
                      www.google.com
                      IN A
                      74.125.193.147
                      www.google.com
                      IN A
                      74.125.193.106
                      www.google.com
                      IN A
                      74.125.193.105
                      www.google.com
                      IN A
                      74.125.193.103
                      www.google.com
                      IN A
                      74.125.193.99
                      www.google.com
                      IN A
                      74.125.193.104
                    • flag-us
                      DNS
                      www.google.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN AAAA
                      Response
                      www.google.com
                      IN AAAA
                      2a00:1450:400b:c01::63
                      www.google.com
                      IN AAAA
                      2a00:1450:400b:c01::68
                      www.google.com
                      IN AAAA
                      2a00:1450:400b:c01::67
                      www.google.com
                      IN AAAA
                      2a00:1450:400b:c01::93
                    • flag-us
                      DNS
                      147.193.125.74.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      147.193.125.74.in-addr.arpa
                      IN PTR
                      Response
                      147.193.125.74.in-addr.arpa
                      IN PTR
                      di-in-f147.1e100.net
                      147.193.125.74.in-addr.arpa
                      IN PTR
                      ig-in-f147 [remainder of name unreadable in the capture]
                    • flag-us
                      DNS
                      94.202.85.209.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      94.202.85.209.in-addr.arpa
                      IN PTR
                      Response
                      94.202.85.209.in-addr.arpa
                      IN PTR
                      dg-in-f94.1e100.net
                    • flag-us
                      DNS
                      94.203.85.209.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      94.203.85.209.in-addr.arpa
                      IN PTR
                      Response
                      94.203.85.209.in-addr.arpa
                      IN PTR
                      dh-in-f94.1e100.net
                    • flag-us
                      DNS
                      29.243.111.52.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      29.243.111.52.in-addr.arpa
                      IN PTR
                      Response
                    • flag-us
                      DNS
                      detectportal.firefox.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      detectportal.firefox.com
                      IN A
                      Response
                      detectportal.firefox.com
                      IN CNAME
                      detectportal.prod.mozaws.net
                      detectportal.prod.mozaws.net
                      IN CNAME
                      prod.detectportal.prod.cloudops.mozgcp.net
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN A
                      34.107.221.82
                    • flag-us
                      GET
                      http://detectportal.firefox.com/canonical.html
                      Remote address:
                      34.107.221.82:80
                      Request
                      GET /canonical.html HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Connection: keep-alive
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Mon, 26 Feb 2024 21:03:30 GMT
                      Age: 85680
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                    • flag-us
                      GET
                      http://detectportal.firefox.com/canonical.html
                      Remote address:
                      34.107.221.82:80
                      Request
                      GET /canonical.html HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Connection: keep-alive
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 90
                      Via: 1.1 google
                      Date: Mon, 26 Feb 2024 21:03:30 GMT
                      Age: 85740
                      Content-Type: text/html
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                    • flag-us
                      DNS
                      prod.detectportal.prod.cloudops.mozgcp.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN A
                      Response
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN A
                      34.107.221.82
                    • flag-us
                      DNS
                      prod.detectportal.prod.cloudops.mozgcp.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN AAAA
                      Response
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN AAAA
                      2600:1901:0:38d7::
                    • flag-us
                      DNS
                      prod.detectportal.prod.cloudops.mozgcp.net
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN AAAA
                      Response
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN AAAA
                      2600:1901:0:38d7::
                    • flag-us
                      DNS
                      example.org
                      Remote address:
                      8.8.8.8:53
                      Request
                      example.org
                      IN A
                      Response
                      example.org
                      IN A
                      93.184.216.34
                    • flag-us
                      DNS
                      example.org
                      Remote address:
                      8.8.8.8:53
                      Request
                      example.org
                      IN A
                      Response
                      example.org
                      IN A
                      93.184.216.34
                    • flag-us
                      DNS
                      ipv4only.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      ipv4only.arpa
                      IN A
                      Response
                      ipv4only.arpa
                      IN A
                      192.0.0.170
                      ipv4only.arpa
                      IN A
                      192.0.0.171
                    • flag-us
                      DNS
                      ipv4only.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      ipv4only.arpa
                      IN A
                      Response
                      ipv4only.arpa
                      IN A
                      192.0.0.170
                      ipv4only.arpa
                      IN A
                      192.0.0.171
                    • flag-us
                      DNS
                      detectportal.firefox.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      detectportal.firefox.com
                      IN A
                      Response
                      detectportal.firefox.com
                      IN CNAME
                      detectportal.prod.mozaws.net
                      detectportal.prod.mozaws.net
                      IN CNAME
                      prod.detectportal.prod.cloudops.mozgcp.net
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN A
                      34.107.221.82
                    • flag-us
                      DNS
                      detectportal.firefox.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      detectportal.firefox.com
                      IN A
                      Response
                      detectportal.firefox.com
                      IN CNAME
                      detectportal.prod.mozaws.net
                      detectportal.prod.mozaws.net
                      IN CNAME
                      prod.detectportal.prod.cloudops.mozgcp.net
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN A
                      34.107.221.82
                    • flag-us
                      GET
                      http://detectportal.firefox.com/success.txt?ipv4
                      Remote address:
                      34.107.221.82:80
                      Request
                      GET /success.txt?ipv4 HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Pragma: no-cache
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Tue, 27 Feb 2024 05:24:07 GMT
                      Age: 55644
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                    • flag-us
                      GET
                      http://detectportal.firefox.com/success.txt?ipv4
                      Remote address:
                      34.107.221.82:80
                      Request
                      GET /success.txt?ipv4 HTTP/1.1
                      Host: detectportal.firefox.com
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Pragma: no-cache
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Content-Length: 8
                      Via: 1.1 google
                      Date: Tue, 27 Feb 2024 05:24:07 GMT
                      Age: 55703
                      Content-Type: text/plain
                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                    • flag-us
                      DNS
                      82.221.107.34.in-addr.arpa
                      Remote address:
                      8.8.8.8:53
                      Request
                      82.221.107.34.in-addr.arpa
                      IN PTR
                      Response
                      82.221.107.34.in-addr.arpa
                      IN PTR
                      82.221.107.34.bc.googleusercontent.com
                    • flag-us
                      DNS
                      detectportal.firefox.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      detectportal.firefox.com
                      IN A
                      Response
                      detectportal.firefox.com
                      IN CNAME
                      detectportal.prod.mozaws.net
                      detectportal.prod.mozaws.net
                      IN CNAME
                      prod.detectportal.prod.cloudops.mozgcp.net
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN A
                      34.107.221.82
                    • flag-us
                      DNS
                      detectportal.firefox.com
                      Remote address:
                      8.8.8.8:53
                      Request
                      detectportal.firefox.com
                      IN A
                      Response
                      detectportal.firefox.com
                      IN CNAME
                      detectportal.prod.mozaws.net
                      detectportal.prod.mozaws.net
                      IN CNAME
                      prod.detectportal.prod.cloudops.mozgcp.net
                      prod.detectportal.prod.cloudops.mozgcp.net
                      IN A
                      34.107.221.82
                    • 127.0.0.1:55552
                    • 34.117.237.239:443
                      contile.services.mozilla.com
                      tls
                      1.8kB
                      7.7kB
                      15
                      18
                    • 34.211.173.98:443
                      shavar.services.mozilla.com
                      tls
                      2.2kB
                      3.8kB
                      10
                      11
                    • 34.149.100.209:443
                      firefox.settings.services.mozilla.com
                      tls
                      2.4kB
                      8.1kB
                      20
                      23
                    • 34.160.144.191:443
                      content-signature-2.cdn.mozilla.net
                      tls
                      2.0kB
                      5.9kB
                      17
                      20
                    • 34.107.243.93:443
                      push.services.mozilla.com
                      tls
                      1.9kB
                      4.5kB
                      12
                      12
                    • 127.0.0.1:55550
                    • 127.0.0.1:55559
                      firefox.exe
                    • 74.125.193.147:443
                      www.google.com
                      tls
                      2.6kB
                      11.3kB
                      20
                      29
                    • 34.149.100.209:443
                      firefox.settings.services.mozilla.com
                      tls
                      1.1kB
                      3.9kB
                      12
                      10
                    • 127.0.0.1:55554
                    • 34.107.221.82:80
                      http://detectportal.firefox.com/canonical.html
                      http
                      1.2kB
                      1.2kB
                      14
                      13

                      HTTP Request

                      GET http://detectportal.firefox.com/canonical.html

                      HTTP Response

                      200

                      HTTP Request

                      GET http://detectportal.firefox.com/canonical.html

                      HTTP Response

                      200
                    • 34.107.221.82:80
                      http://detectportal.firefox.com/success.txt?ipv4
                      http
                      1.2kB
                      1.1kB
                      14
                      13

                      HTTP Request

                      GET http://detectportal.firefox.com/success.txt?ipv4

                      HTTP Response

                      200

                      HTTP Request

                      GET http://detectportal.firefox.com/success.txt?ipv4

                      HTTP Response

                      200
                    • 8.8.8.8:53
                      133.32.126.40.in-addr.arpa
                      dns
                      72 B
                      158 B
                      1
                      1

                      DNS Request

                      133.32.126.40.in-addr.arpa

                    • 8.8.8.8:53
                      9.228.82.20.in-addr.arpa
                      dns
                      70 B
                      156 B
                      1
                      1

                      DNS Request

                      9.228.82.20.in-addr.arpa

                    • 8.8.8.8:53
                      18.179.17.96.in-addr.arpa
                      dns
                      71 B
                      135 B
                      1
                      1

                      DNS Request

                      18.179.17.96.in-addr.arpa

                    • 8.8.8.8:53
                      11.2.37.23.in-addr.arpa
                      dns
                      69 B
                      131 B
                      1
                      1

                      DNS Request

                      11.2.37.23.in-addr.arpa

                    • 8.8.8.8:53
                      contile.services.mozilla.com
                      dns
                      74 B
                      90 B
                      1
                      1

                      DNS Request

                      contile.services.mozilla.com

                      DNS Response

                      34.117.237.239

                    • 8.8.8.8:53
                      content-signature-2.cdn.mozilla.net
                      dns
                      81 B
                      235 B
                      1
                      1

                      DNS Request

                      content-signature-2.cdn.mozilla.net

                      DNS Response

                      34.160.144.191

                    • 8.8.8.8:53
                      shavar.services.mozilla.com
                      dns
                      73 B
                      157 B
                      1
                      1

                      DNS Request

                      shavar.services.mozilla.com

                      DNS Response

                      34.211.173.98
                      44.237.149.213
                      44.239.242.57

                    • 8.8.8.8:53
                      push.services.mozilla.com
                      dns
                      71 B
                      125 B
                      1
                      1

                      DNS Request

                      push.services.mozilla.com

                      DNS Response

                      34.107.243.93

                    • 8.8.8.8:53
                      firefox.settings.services.mozilla.com
                      dns
                      83 B
                      161 B
                      1
                      1

                      DNS Request

                      firefox.settings.services.mozilla.com

                      DNS Response

                      34.149.100.209

                    • 8.8.8.8:53
                      contile.services.mozilla.com
                      dns
                      74 B
                      90 B
                      1
                      1

                      DNS Request

                      contile.services.mozilla.com

                      DNS Response

                      34.117.237.239

                    • 8.8.8.8:53
                      autopush.prod.mozaws.net
                      dns
                      70 B
                      86 B
                      1
                      1

                      DNS Request

                      autopush.prod.mozaws.net

                      DNS Response

                      34.107.243.93

                    • 8.8.8.8:53
                      shavar.prod.mozaws.net
                      dns
                      68 B
                      116 B
                      1
                      1

                      DNS Request

                      shavar.prod.mozaws.net

                      DNS Response

                      34.211.173.98
                      44.237.149.213
                      44.239.242.57

                    • 8.8.8.8:53
                      autopush.prod.mozaws.net
                      dns
                      70 B
                      155 B
                      1
                      1

                      DNS Request

                      autopush.prod.mozaws.net

                    • 8.8.8.8:53
                      shavar.prod.mozaws.net
                      dns
                      68 B
                      153 B
                      1
                      1

                      DNS Request

                      shavar.prod.mozaws.net

                    • 8.8.8.8:53
                      contile.services.mozilla.com
                      dns
                      74 B
                      155 B
                      1
                      1

                      DNS Request

                      contile.services.mozilla.com

                    • 8.8.8.8:53
                      prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      94 B
                      110 B
                      1
                      1

                      DNS Request

                      prod.remote-settings.prod.webservices.mozgcp.net

                      DNS Response

                      34.149.100.209

                    • 8.8.8.8:53
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      dns
                      103 B
                      119 B
                      1
                      1

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Response

                      34.160.144.191

                    • 8.8.8.8:53
                      prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      94 B
                      187 B
                      1
                      1

                      DNS Request

                      prod.remote-settings.prod.webservices.mozgcp.net

                    • 8.8.8.8:53
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      dns
                      103 B
                      131 B
                      1
                      1

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Response

                      2600:1901:0:92a9::

                    • 8.8.8.8:53
                      183.59.114.20.in-addr.arpa
                      dns
                      72 B
                      158 B
                      1
                      1

                      DNS Request

                      183.59.114.20.in-addr.arpa

                    • 8.8.8.8:53
                      98.173.211.34.in-addr.arpa
                      dns
                      72 B
                      135 B
                      1
                      1

                      DNS Request

                      98.173.211.34.in-addr.arpa

                    • 8.8.8.8:53
                      198.187.3.20.in-addr.arpa
                      dns
                      71 B
                      157 B
                      1
                      1

                      DNS Request

                      198.187.3.20.in-addr.arpa

                    • 8.8.8.8:53
                      134.71.91.104.in-addr.arpa
                      dns
                      72 B
                      137 B
                      1
                      1

                      DNS Request

                      134.71.91.104.in-addr.arpa

                    • 8.8.8.8:53
                      31.179.17.96.in-addr.arpa
                      dns
                      71 B
                      135 B
                      1
                      1

                      DNS Request

                      31.179.17.96.in-addr.arpa

                    • 8.8.8.8:53
                      www.google.com
                      dns
                      60 B
                      156 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      74.125.193.147
                      74.125.193.106
                      74.125.193.105
                      74.125.193.103
                      74.125.193.99
                      74.125.193.104

                    • 8.8.8.8:53
                      www.google.com
                      dns
                      60 B
                      156 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      74.125.193.147
                      74.125.193.106
                      74.125.193.105
                      74.125.193.103
                      74.125.193.99
                      74.125.193.104

                    • 8.8.8.8:53
                      www.google.com
                      dns
                      60 B
                      172 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      2a00:1450:400b:c01::63
                      2a00:1450:400b:c01::68
                      2a00:1450:400b:c01::67
                      2a00:1450:400b:c01::93

                    • 8.8.8.8:53
                      147.193.125.74.in-addr.arpa
                      dns
                      73 B
                      132 B
                      1
                      1

                      DNS Request

                      147.193.125.74.in-addr.arpa

                    • 74.125.193.147:443
                      www.google.com
                      https
                      7.3kB
                      54.9kB
                      26
                      66
                    • 8.8.8.8:53
                      94.202.85.209.in-addr.arpa
                      dns
                      72 B
                      105 B
                      1
                      1

                      DNS Request

                      94.202.85.209.in-addr.arpa

                    • 8.8.8.8:53
                      94.203.85.209.in-addr.arpa
                      dns
                      72 B
                      105 B
                      1
                      1

                      DNS Request

                      94.203.85.209.in-addr.arpa

                    • 8.8.8.8:53
                      29.243.111.52.in-addr.arpa
                      dns
                      72 B
                      158 B
                      1
                      1

                      DNS Request

                      29.243.111.52.in-addr.arpa

                    • 8.8.8.8:53
                      detectportal.firefox.com
                      dns
                      70 B
                      181 B
                      1
                      1

                      DNS Request

                      detectportal.firefox.com

                      DNS Response

                      34.107.221.82

                    • 8.8.8.8:53
                      prod.detectportal.prod.cloudops.mozgcp.net
                      dns
                      88 B
                      104 B
                      1
                      1

                      DNS Request

                      prod.detectportal.prod.cloudops.mozgcp.net

                      DNS Response

                      34.107.221.82

                    • 8.8.8.8:53
                      prod.detectportal.prod.cloudops.mozgcp.net
                      dns
                      176 B
                      232 B
                      2
                      2

                      DNS Request

                      prod.detectportal.prod.cloudops.mozgcp.net

                      DNS Request

                      prod.detectportal.prod.cloudops.mozgcp.net

                      DNS Response

                      2600:1901:0:38d7::

                      DNS Response

                      2600:1901:0:38d7::

                    • 8.8.8.8:53
                      example.org
                      dns
                      114 B
                      146 B
                      2
                      2

                      DNS Request

                      example.org

                      DNS Response

                      93.184.216.34

                      DNS Request

                      example.org

                      DNS Response

                      93.184.216.34

                    • 8.8.8.8:53
                      ipv4only.arpa
                      dns
                      118 B
                      182 B
                      2
                      2

                      DNS Request

                      ipv4only.arpa

                      DNS Request

                      ipv4only.arpa

                      DNS Response

                      192.0.0.170
                      192.0.0.171

                      DNS Response

                      192.0.0.170
                      192.0.0.171

                    • 8.8.8.8:53
                      detectportal.firefox.com
                      dns
                      140 B
                      362 B
                      2
                      2

                      DNS Request

                      detectportal.firefox.com

                      DNS Response

                      34.107.221.82

                      DNS Request

                      detectportal.firefox.com

                      DNS Response

                      34.107.221.82

                    • 8.8.8.8:53
                      82.221.107.34.in-addr.arpa
                      dns
                      72 B
                      124 B
                      1
                      1

                      DNS Request

                      82.221.107.34.in-addr.arpa

                    • 8.8.8.8:53
                      detectportal.firefox.com
                      dns
                      140 B
                      362 B
                      2
                      2

                      DNS Request

                      detectportal.firefox.com

                      DNS Request

                      detectportal.firefox.com

                      DNS Response

                      34.107.221.82

                      DNS Response

                      34.107.221.82

                    MITRE ATT&CK Matrix


                    Downloads

                    • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

                      Filesize

                      379KB

                      MD5

                      8c68828370e4b2a19f59c52087cacc4a

                      SHA1

                      2d35805b5114bb90bed4b4b15b6cecd9292a1fbb

                      SHA256

                      360cc8e77e1cba5e54dcb8c0695c03f02ba741af7ddc7489f07231cbf114312f

                      SHA512

                      571c0dc1df0e9005ebafbe4a86bd652e95b75da9d3a5095225e96f59253dde90f75843ac28191449bd07d28cfb02e7015353db0fcac966159f969e2ef6dab7e0

                    • C:\vcredist2010_x64.log.html

                      Filesize

                      86KB

                      MD5

                      1fb689a5b044640c3d3dde285e47fea5

                      SHA1

                      be190dada98dc770b3622daa39b865c7ebab85e2

                      SHA256

                      cb9ca84d176cfea4cb0fe45ffc7f8d53bcff9e1d28cdf2d76ce32cb454206fa0

                      SHA512

                      2428b5a1e9f0af3569c18d37099962ee934b61a00a8e0b44d6e9664be7c8a5a2bb92b1ad866d8391993f02c916b91124529a6cf16b148293c194ee36b496e656

                    • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

                      Filesize

                      396KB

                      MD5

                      e78af6833c4f7d8107d86f4342acf031

                      SHA1

                      c934574aff020875e829ade2d45497e9c937df0b

                      SHA256

                      832078c755b5291505a311643e033287e8f9872fe16f6e3523487d7dd3d8c5e5

                      SHA512

                      20b69ee8026536134c4f789274d2e3d494024bce8bc33825f4db85df7e22ea6a30eef63a1b7f8b147096aad00bbc55081ac02ed7c9a3026926c54be2956467c1

                    • C:\vcredist2010_x86.log.html

                      Filesize

                      82KB

                      MD5

                      da3cf4db379428e2131256b684b9cde8

                      SHA1

                      cec87d8aaa81a07a7c7c7fc8b34c58f0f1ae1cbb

                      SHA256

                      8e502c20ade33205856c2b7ba19540e945340223858e292efade55ddbf0397f3

                      SHA512

                      ebdde710025c4462181306c68d4969eaa8d5080e633e1dc963666b0d82c802c7bdf74db35dda10a14a0c64d02fd3e1ab7b1ec808b6841dea5f0b4bdc76247635

                    • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

                      Filesize

                      168KB

                      MD5

                      efc74119a4daa24751bb122ba3b024b7

                      SHA1

                      c7395403e13a9ca857a0c71ee9da3da0d866078a

                      SHA256

                      7f671330c29a3272437189361e0c999282f184a6a9320a3e93c8ad5dc031dcab

                      SHA512

                      91d70927a6930ee9171a56191d2cf54cb656cee0f8f08a330920a65736007fcd04b6c85a391fb2c969def5e1b4af3146e71718b659903bbfa2c7e20647e2b54c

                    • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

                      Filesize

                      195KB

                      MD5

                      2254abffadddf7b8aac462d6dd837063

                      SHA1

                      5a94ae36ec34399e29d20957d2b9349042473c71

                      SHA256

                      88c9fdc2f2baedccf0a330da27d08a7fdc849a3f2fdd5e986306b826e591941c

                      SHA512

                      b5fc6e929edaf3c4863b5a71ab699083b0d485ff250372752ce125a1e0fd44c9443847044d99172cc0a7880c45c00f0666410425ec57f054643b46733ab37256

                    • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

                      Filesize

                      171KB

                      MD5

                      3c61d78cad6f40175423d31309b4a2c0

                      SHA1

                      14112d9f4329999d45a1c7ade009606d44738f64

                      SHA256

                      a3fc2eee5093ba80ee396c65960a6448690a790d60561d13244d5bf83dbcdc5b

                      SHA512

                      b93a33e12ae31c67278e58ee06506a78506e8a9bc7ac3e7056d4d33759d487e93e008c059b665e8696f51a988b88fbd2c31b4431c30338db248cffb98fe466b0

                    • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

                      Filesize

                      208KB

                      MD5

                      760cc152719aebab1d731d2799598b33

                      SHA1

                      91e2f50100e88f9ca4bb7e96df7f756fbe8842c3

                      SHA256

                      55fd4477690ed8a2bc3d5789109b19e164c2a3a23176c124519dad392e5c0361

                      SHA512

                      654b10d555255706def7542c714372f98b370b83d2bd07b3694412de9d91268c8355399a52673cff8eacfdf96751ee40ec615b335f9cd5c51ef2905192f922d8

                    • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

                      Filesize

                      170KB

                      MD5

                      0b4a6d73e7e0d264e6068a85439ac9d2

                      SHA1

                      7c1110d4bee2eda959b629fc565593ebb09d2e54

                      SHA256

                      10104d9a1ad430d05d4c708ca574f91db57f5f31532f09bb6148a8ff14e01cf7

                      SHA512

                      8db9c193771ff2df82156127bc2146193348612091593f4a8bb6234f69b08141d79c4e23dbec01ddd8f17091dbcd3381219b1d7e24b6667b9052732c71a87e9e

                    • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

                      Filesize

                      191KB

                      MD5

                      fca91faee6fdd3d2efcdb3a740c14d84

                      SHA1

                      c3fb21bb37f26d127913c8496528035b90b6e459

                      SHA256

                      becdccb07e2b0420923f8f4296d41c098b281d5b48d4dedc21ed57597f18e8a4

                      SHA512

                      3833af2cdca6044f9431a1d235cd085f88ffaa02c2ca81f3d2a7a8dc990362726feade52c004c6b3639e95bcfa924d0bc7d43dc4798c30962534f0b43433f20f

                    • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

                      Filesize

                      170KB

                      MD5

                      3b2296feeb1d49f4ff050b24c654d3aa

                      SHA1

                      24d47b6c94737a45d6c7554d14ec989572cd0387

                      SHA256

                      bb52b17a5702f607e698e43f9cdeed53f39ff0a3af2ce42455ed8ba151512518

                      SHA512

                      ccb2bc93f8de97e3bdd5e79dfdfd24489efcc6cc127d281e83da22b53f523b5ce4d7df50751da26bb737b231640cf1678d0942d40917735056c628e8e6a0245f

                    • C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

                      Filesize

                      198KB

                      MD5

                      39ea7c1866d65b881ddac7a0424cb975

                      SHA1

                      13885c716a5ff1be38f0dfb9d1d4c3a4949b23a1

                      SHA256

                      5c954c34da4b5807198600f32077258e01d72ad55f152a16f360f713f7483463

                      SHA512

                      0cdd2e8b68d09e0700ec934044b44cd0ae933ecb8a68378e4f40d9fc5301162d44e5f2a0c45f35890fd490bd8e00ec8befaa483a1dcbdca93abd99fd80eafb1e

                    • C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

                      Filesize

                      123KB

                      MD5

                      d82acfe1acf5490881d5b4c12842e54f

                      SHA1

                      384bc53a28db75867bbcafb9bd815d45ab2a71fd

                      SHA256

                      1dd73aa81761a4e3b465a4337d52772441a0496b765d08f7fce9da61baa11a31

                      SHA512

                      c0bd719709cbcf0c6cf3dab6249811c9cc7ebad40389a09f281cd10e75fca8c5d50ae32c4a4a9cd88c2deec5eadfbcd8532d2a9dc841e0b2c4b64e736416784c

                    • C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

                      Filesize

                      129KB

                      MD5

                      d289d94f38ca3fb551ad1fe6ade48aad

                      SHA1

                      c112d3045203a32dbb4b4d5e1498bb18a3caf202

                      SHA256

                      9ec27a9617687d85aa1a8c5dbfb04efc1fbf40f2799b1686238c4061d4ee929f

                      SHA512

                      b50a92a8812eda1f970506b11308cd63031fffd2c1b5c09bf4aa7fbfd1f3a371a83f965e15991fd138d7da960acf37b33cd82bfe6657be49a59aec40b2f5eb98

                    • C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

                      Filesize

                      123KB

                      MD5

                      8abccb88d679b2385ece4268098c49ae

                      SHA1

                      a6c6425277dbe289808f47439eaeedc575ac40b0

                      SHA256

                      e4c1de90273b3f9501980f747481d3c198e0ee1f1e1ebdf858e425a43605015d

                      SHA512

                      a602f852b9c1358b2c91b70d692bd6342fcb732c717d6d913255034f240f990f4f3f3a6f5eea1a940ddaba5c8fdbb2e569c15cf6be03c051471338c72b787843

                    • C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

                      Filesize

                      135KB

                      MD5

                      e9d5da7570d08cfe07cc0115822da295

                      SHA1

                      a64a40fc2450e31dfa96712dfc6c8d24e57b4792

                      SHA256

                      ae4a75e32794dbd6e4951c5ac54f960812148a2a39bb1584e2da7125f0852ea8

                      SHA512

                      1e5ff4b4f3c132acd55641da30e4774caadc298473df2eb5293ef0e2c116b3d85819397a22b0f68aca088de51f27b70618d3f5fd20ff775960ee309b88f471dd
