hxxps://www[.]angusj[.]com/resourcehacker/reshacker_setup[.]exe

Resubmissions

16/05/2024, 16:02 UTC

240516-thaqkacf53 8

16/05/2024, 15:21 UTC

240516-srd9nsaf9x 8

16/05/2024, 15:16 UTC

240516-snm3eaag66 8

Analysis

max time kernel
148s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2024, 15:16 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.angusj.com/resourcehacker/reshacker_setup.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4580	reshacker_setup.exe
4472	reshacker_setup.tmp

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\reshacker_setup.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1968	firefox.exe
Token: SeDebugPrivilege	1968	firefox.exe
Token: SeDebugPrivilege	4472	reshacker_setup.tmp
Token: SeDebugPrivilege	4472	reshacker_setup.tmp
Token: SeDebugPrivilege	4472	reshacker_setup.tmp
Token: SeDebugPrivilege	1968	firefox.exe
Token: SeDebugPrivilege	1968	firefox.exe
Token: SeDebugPrivilege	1968	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1968	firefox.exe
1968	firefox.exe
1968	firefox.exe
1968	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1968	firefox.exe
1968	firefox.exe
1968	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1968	firefox.exe
1968	firefox.exe
1968	firefox.exe
1968	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 2192 wrote to memory of 1968	2192	firefox.exe	73
PID 1968 wrote to memory of 4756	1968	firefox.exe	74
PID 1968 wrote to memory of 4756	1968	firefox.exe	74
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4960	1968	firefox.exe	75
PID 1968 wrote to memory of 4136	1968	firefox.exe	76
PID 1968 wrote to memory of 4136	1968	firefox.exe	76
PID 1968 wrote to memory of 4136	1968	firefox.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.angusj.com/resourcehacker/reshacker_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.angusj.com/resourcehacker/reshacker_setup.exe
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.0.1081943306\1681970942" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ad2fb4b-2622-4223-ac50-c1b31047b703} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 1796 207e6ed8858 gpu
    3⤵
    PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.1.1362644404\2014324709" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df7eaf01-22e4-43e2-b447-f9c64c41f3d3} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 2172 207e6dfb958 socket
    3⤵
    PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.2.1766128338\1486728081" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2828 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {461047f9-2976-44b2-b26a-9d6e3b37e8c8} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 2716 207eaed9b58 tab
    3⤵
    PID:4136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.3.1327699639\1692452946" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b54a2a20-b075-4ed1-8100-0bc0f56f9131} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 3652 207ec533e58 tab
    3⤵
    PID:4128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.4.1808650207\1985605800" -childID 3 -isForBrowser -prefsHandle 4696 -prefMapHandle 4692 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe62fff6-cade-469e-b60c-cbc553911972} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 4708 207ec818f58 tab
    3⤵
    PID:1704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.5.1578681392\954857727" -childID 4 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c17623ea-ef37-40a7-96a5-878ba982b823} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 4724 207ed38b558 tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.6.672167982\2124384474" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8088276c-f688-4f15-8616-d7f409a22797} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 5012 207edf6dc58 tab
    3⤵
    PID:632
- - C:\Users\Admin\Downloads\reshacker_setup.exe
    "C:\Users\Admin\Downloads\reshacker_setup.exe"
    3⤵
    - Executes dropped EXE
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\is-R46MI.tmp\reshacker_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-R46MI.tmp\reshacker_setup.tmp" /SL5="$50204,3504386,870400,C:\Users\Admin\Downloads\reshacker_setup.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4472

Network

DNS

www.angusj.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.angusj.com

IN A

Response

www.angusj.com

IN CNAME

angusj.com

angusj.com

IN A

203.170.87.121
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.188.166:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

54.188.201.143

shavar.prod.mozaws.net

IN A

35.164.250.149

shavar.prod.mozaws.net

IN A

44.233.67.78
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

54.188.201.143

shavar.prod.mozaws.net

IN A

44.233.67.78

shavar.prod.mozaws.net

IN A

35.164.250.149
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 27107
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Backoff, Retry-After, Alert
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 16 May 2024 14:30:03 GMT
age: 2863
last-modified: Thu, 16 May 2024 14:28:11 GMT
content-type: application/json
last-modified: Thu, 16 May 2024 14:28:11 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221715869691048%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221715869691048%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/public-suffix-list/changeset?_expected=1575468539758

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/public-suffix-list/changeset?_expected=1575468539758 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1715861164430

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1715861164430 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1715839095932&_since=%221662648201700%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1715839095932&_since=%221662648201700%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1713187389066&_since=%221661199890666%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1713187389066&_since=%221661199890666%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/sites-classification?_expected=1544035467383

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/sites-classification?_expected=1544035467383 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/top-sites?_expected=1647020600359

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/top-sites?_expected=1647020600359 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-devices?_expected=1653469171354

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/devtools-devices?_expected=1653469171354 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1679600032742&_since=%221659924409785%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/password-rules/changeset?_expected=1679600032742&_since=%221659924409785%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1683667257606

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1683667257606 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1701090424142&_since=%221606870304609%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1701090424142&_since=%221606870304609%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist/changeset?_expected=1710168995103&_since=%221595254618540%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/search-default-override-allowlist/changeset?_expected=1710168995103&_since=%221595254618540%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1710766850143&_since=%221661199949574%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/search-config/changeset?_expected=1710766850143&_since=%221661199949574%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/cert-revocations/changeset?_expected=1715853430420

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/security-state/collections/cert-revocations/changeset?_expected=1715853430420 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/intermediates/changeset?_expected=1715637423088&_since=%221664891823141%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/security-state/collections/intermediates/changeset?_expected=1715637423088&_since=%221664891823141%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/onecrl/changeset?_expected=1710189695302&_since=%221658781354245%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/security-state/collections/onecrl/changeset?_expected=1710189695302&_since=%221658781354245%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ynG/DLxM9ym4eY9y4cw1Xw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

connection: upgrade
sec-websocket-accept: odiPrWw6Qy3Hpe2dEN6ajVeN0XY=
upgrade: websocket
date: Thu, 16 May 2024 15:16:52 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

angusj.com

firefox.exe

Remote address:

8.8.8.8:53

Request

angusj.com

IN A

Response

angusj.com

IN A

203.170.87.121
GET

https://www.angusj.com/resourcehacker/reshacker_setup.exe

firefox.exe

Remote address:

203.170.87.121:443

Request

GET /resourcehacker/reshacker_setup.exe HTTP/2.0
host: www.angusj.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 200

server: nginx
date: Thu, 16 May 2024 15:16:53 GMT
content-type: application/x-msdownload
content-length: 4268933
last-modified: Sun, 19 Nov 2023 10:21:19 GMT
accept-ranges: bytes
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

angusj.com

firefox.exe

Remote address:

8.8.8.8:53

Request

angusj.com

IN AAAA

Response

angusj.com

IN AAAA

2404:8280:a222:bbbb:bba1:7:ffff:ffff
DNS

166.188.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.188.117.34.in-addr.arpa

IN PTR

Response

166.188.117.34.in-addr.arpa

IN PTR

16618811734bcgoogleusercontentcom
DNS

143.201.188.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

143.201.188.54.in-addr.arpa

IN PTR

Response

143.201.188.54.in-addr.arpa

IN PTR

ec2-54-188-201-143 us-west-2compute amazonawscom
DNS

121.87.170.203.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.87.170.203.in-addr.arpa

IN PTR

Response

121.87.170.203.in-addr.arpa

IN PTR

ipcbaa5779ipv4syd02dsnetwork
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

23.53.40.162

a19.dscg10.akamai.net

IN A

23.53.40.129
GET

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

firefox.exe

Remote address:

23.53.40.162:80

Request

GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

X-Trans-Id: tx8595e4897e4e4f68bbe2c-006641e6e4dfw1
Last-Modified: Wed, 10 Apr 2024 18:44:28 GMT
ETag: 85430baed3398695717b0263807cf97c
Content-Length: 453023
Accept-Ranges: bytes
X-Timestamp: 1712774667.41880
Content-Type: application/zip
Cache-Control: public, max-age=233540
Expires: Sun, 19 May 2024 08:10:07 GMT
Date: Thu, 16 May 2024 15:17:47 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

23.53.40.162

a19.dscg10.akamai.net

IN A

23.53.40.129
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:82::17c8:56fb

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:82::17c8:570c
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.206
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.206
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4007:819::200e
DNS

r1---sn-aigl6ney.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1---sn-aigl6ney.gvt1.com

IN A

Response

r1---sn-aigl6ney.gvt1.com

IN CNAME

r1.sn-aigl6ney.gvt1.com

r1.sn-aigl6ney.gvt1.com

IN A

173.194.183.166
DNS

r1.sn-aigl6ney.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigl6ney.gvt1.com

IN A

Response

r1.sn-aigl6ney.gvt1.com

IN A

173.194.183.166
DNS

r1.sn-aigl6ney.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigl6ney.gvt1.com

IN AAAA

Response

r1.sn-aigl6ney.gvt1.com

IN AAAA

2a00:1450:4009:11::6
DNS

162.40.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.40.53.23.in-addr.arpa

IN PTR

Response

162.40.53.23.in-addr.arpa

IN PTR

a23-53-40-162deploystaticakamaitechnologiescom
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

166.183.194.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.183.194.173.in-addr.arpa

IN PTR

Response

166.183.194.173.in-addr.arpa

IN PTR

lhr25s19-in-f61e100net
DNS

firefox-settings-attachments.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-settings-attachments.cdn.mozilla.net

IN A

Response

firefox-settings-attachments.cdn.mozilla.net

IN CNAME

attachments.prod.remote-settings.prod.webservices.mozgcp.net

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

6.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.173.189.20.in-addr.arpa

IN PTR

Response
DNS

91.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.90.14.23.in-addr.arpa

IN PTR

Response

91.90.14.23.in-addr.arpa

IN PTR

a23-14-90-91deploystaticakamaitechnologiescom

127.0.0.1:49756

firefox.exe
34.117.188.166:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.8kB
8.2kB
15
17

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
54.188.201.143:443

shavar.services.mozilla.com

tls

firefox.exe

2.2kB
3.8kB
10
9
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

3.3kB
28.5kB
35
45
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/

tls, http2

firefox.exe

43.9kB
1.5MB
771
1175

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221715869691048%22

HTTP Response

200

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/public-suffix-list/changeset?_expected=1575468539758

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1715861164430

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1715839095932&_since=%221662648201700%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1713187389066&_since=%221661199890666%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/sites-classification?_expected=1544035467383

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/top-sites?_expected=1647020600359

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-devices?_expected=1653469171354

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1679600032742&_since=%221659924409785%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1683667257606

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1701090424142&_since=%221606870304609%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist/changeset?_expected=1710168995103&_since=%221595254618540%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1710766850143&_since=%221661199949574%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/cert-revocations/changeset?_expected=1715853430420

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/intermediates/changeset?_expected=1715637423088&_since=%221664891823141%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/onecrl/changeset?_expected=1710189695302&_since=%221658781354245%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.9kB
4.5kB
10
10

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
203.170.87.121:443

https://www.angusj.com/resourcehacker/reshacker_setup.exe

tls, http2

firefox.exe

73.6kB
4.4MB
1450
3171

HTTP Request

GET https://www.angusj.com/resourcehacker/reshacker_setup.exe

HTTP Response

200
203.170.87.121:443

www.angusj.com

tls, http2

firefox.exe

1.2kB
4.6kB
10
10
127.0.0.1:49762

firefox.exe
35.244.181.201:443

aus5.mozilla.org

tls

firefox.exe

1.6kB
5.5kB
14
15
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

firefox.exe

978 B
3.9kB
10
9
23.53.40.162:80

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

http

firefox.exe

8.2kB
467.4kB
171
346

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

HTTP Response

200
142.250.187.206:443

redirector.gvt1.com

tls

firefox.exe

1.6kB
9.0kB
17
19
173.194.183.166:443

r1---sn-aigl6ney.gvt1.com

tls

firefox.exe

126.0kB
8.7MB
2492
6256
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
3.8kB
11
9
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
3.9kB
11
10
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
3.8kB
11
9
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

373.4kB
3.9MB
3364
5040
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
3.9kB
11
10
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
3.9kB
11
10

8.8.8.8:53

www.angusj.com

dns

firefox.exe

60 B
90 B
1
1

DNS Request

www.angusj.com

DNS Response

203.170.87.121
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
157 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

54.188.201.143

35.164.250.149

44.233.67.78
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
116 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

54.188.201.143

44.233.67.78

35.164.250.149
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
161 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

angusj.com

dns

firefox.exe

56 B
72 B
1
1

DNS Request

angusj.com

DNS Response

203.170.87.121
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
34.117.188.166:443

contile.services.mozilla.com

https

firefox.exe

1.8kB
4.2kB
5
6
8.8.8.8:53

angusj.com

dns

firefox.exe

56 B
84 B
1
1

DNS Request

angusj.com

DNS Response

2404:8280:a222:bbbb:bba1:7:ffff:ffff
8.8.8.8:53

166.188.117.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

166.188.117.34.in-addr.arpa
8.8.8.8:53

143.201.188.54.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

143.201.188.54.in-addr.arpa
8.8.8.8:53

121.87.170.203.in-addr.arpa

dns

73 B
119 B
1
1

DNS Request

121.87.170.203.in-addr.arpa
8.8.8.8:53

aus5.mozilla.org

dns

firefox.exe

62 B
180 B
1
1

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

201.181.244.35.in-addr.arpa
8.8.8.8:53

ciscobinary.openh264.org

dns

firefox.exe

70 B
286 B
1
1

DNS Request

ciscobinary.openh264.org

DNS Response

23.53.40.162

23.53.40.129
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

23.53.40.162

23.53.40.129
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
123 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:82::17c8:56fb

2a02:26f0:82::17c8:570c
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

142.250.187.206
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

142.250.187.206
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
93 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4007:819::200e
142.250.187.206:443

redirector.gvt1.com

https

firefox.exe

3.3kB
9.6kB
9
10
8.8.8.8:53

r1---sn-aigl6ney.gvt1.com

dns

firefox.exe

71 B
116 B
1
1

DNS Request

r1---sn-aigl6ney.gvt1.com

DNS Response

173.194.183.166
8.8.8.8:53

r1.sn-aigl6ney.gvt1.com

dns

firefox.exe

69 B
85 B
1
1

DNS Request

r1.sn-aigl6ney.gvt1.com

DNS Response

173.194.183.166
8.8.8.8:53

r1.sn-aigl6ney.gvt1.com

dns

firefox.exe

69 B
97 B
1
1

DNS Request

r1.sn-aigl6ney.gvt1.com

DNS Response

2a00:1450:4009:11::6
8.8.8.8:53

162.40.53.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

162.40.53.23.in-addr.arpa
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.187.250.142.in-addr.arpa
173.194.183.166:443

r1.sn-aigl6ney.gvt1.com

https

firefox.exe

1.9kB
6.5kB
6
8
8.8.8.8:53

166.183.194.173.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

166.183.194.173.in-addr.arpa
8.8.8.8:53

firefox-settings-attachments.cdn.mozilla.net

dns

firefox.exe

90 B
177 B
1
1

DNS Request

firefox-settings-attachments.cdn.mozilla.net

DNS Response

34.117.121.53
8.8.8.8:53

attachments.prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

106 B
122 B
1
1

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.117.121.53
8.8.8.8:53

attachments.prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

106 B
199 B
1
1

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

6.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

6.173.189.20.in-addr.arpa
8.8.8.8:53

91.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

91.90.14.23.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
5747f8bf6dff283848c80fa51798f7e5

SHA1
54c78b97904a8a72feab1ff877b9c17dc51ba087

SHA256
bf85544513bc137a468be1df44c32cedf7d0e689c5052243bdb75b1d4632a625

SHA512
786591397ff1e2da437424100b9344ed8523531f602ec1b9d3df2036268270f6cd8722a5dab3e170adb4d60d96289322ccbc65319b78094197a4893d282bb2eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
58f0d17d80f7806823f4870b2d4313b7

SHA1
4770aa2e63579349bac8e6b37b047462ec2812c1

SHA256
402d2e223f0a0dde7da52e5e05396be952f38e828b4f534b8824c4ce39b51511

SHA512
556fee19c0ca097869ec8187d8605762f221b77036e50de2b967e103e0a096ebec08d505342ae08a56dade3aeadb3452af3419b1eb038a86364e45a959f8d031

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R46MI.tmp\reshacker_setup.tmp

Filesize
2.5MB

MD5
c5cac19a48b63987b767c8ce36a09282

SHA1
899834cb9faa1a04029403085a761c5a2aae0045

SHA256
9aec7890b56a86f175957b7a99fe57ce6234d16995e019d3008a5d599fdf8e28

SHA512
a796cdec441c82353fc160d92af14ade268172b7d232c8f1bcdd5c807b7dce3c4c4cb877b467446b54f058b0bc4219f82ee99df2851d83d121ced2b3674ab1a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
845513e0e45eb1371041d0efc6ed30a8

SHA1
d8026607459592258abc13f5033971915a69b6eb

SHA256
5c956de9def4faa5557a456b7f966eb44f6adf57e48e3a247d8b0458711d0a1a

SHA512
818b638e834f5f45bb808b2aa9cfb0ebdcaf03a8800927448e7d6ad73838ae5ca7bce60de53e00a9c6831e032626196e5f161b75bff7099ccbfd0ef008b5459f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\132ad6b0-dc01-4bdc-bbec-f728055a042a

Filesize
746B

MD5
2c60ed12ad20989edb7b935632141764

SHA1
023607659b915d2eb6a140cacd67495d5e827149

SHA256
5397cf3d2c57c72a51e86af7d559a5a4ad1bca34d4d4f93cda78d30fbdfaecda

SHA512
6155173120370633975ac0f92499692822a34576be524f639774e59a186141855ca2fc536a705665fba14829074f87084d6f09135a2cf3c044f5d3e084ce64e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\f727f294-bfac-480e-97d9-8d058e01b136

Filesize
9KB

MD5
87c7ccb7f9642790074b2617a8b951e3

SHA1
fdc9b9fb7796f9a9b008a0bfa1cc2085a6f0f267

SHA256
a6b9e5b33ff0466de9fab50c28ab253ac25f8152b241852f03c5a5374bd65933

SHA512
fba2849a9ee7535f155401f4f9db207b056661bae7c3b2639c7b4409189d30fa1afe77b74723bb5081fd172092ece8bab16d42009d53730c8a66588a36bc177e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
7KB

MD5
506d021d94f45d89470e51984a5cd02c

SHA1
a03e87e360b75e70e713ce128178ca111989be46

SHA256
57630be987ad910adea9ac3b26d4a843262cfea8e4f61bceb26b4eb4ab566b66

SHA512
0e06d2441b737b30cd25aea80c952079c5f4f0b64accac6c1bf843272d7a9da3d7650a83edeae85fe97f3157a74bf0d8b01e692d17ec56abd13335f81855db67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
990B

MD5
dc1339b5cec1434288854ab5b16571d4

SHA1
35bdfa74a485f3c16a708bf885a6532de6219d86

SHA256
ea5bf3beeb94e06b8790beba0000cde08e18c27c7ce41c80e155b2dc07349830

SHA512
f9fb04ac2bf2331f4dd79ce0b6694218dc9656572e196bc2d23c7d60331c82b7cbbf7711288b5b5c1b50340f04efdcbc21cd879ed3efd979eac31e2b30bfb325

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
995B

MD5
0e15aefb01dee73ffb8484a13c57ff96

SHA1
79f8bb9e868163ae58955e6cc753ae0f51aaeb93

SHA256
dd7d2f57246dccfb5ca708b57991e7475bfdbbd157f0928ce83032cd206b6681

SHA512
d8e830a26d37f41e57df1c6111c90287971c8fafeff6f4429f8cc4cc107c536ec19f69456cd10409d4c81e9f2cc2fe34d53e7b006c7921ec9e9806c7876fb6cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.6MB

MD5
f6f63bf7295ee536d255d0f7d054fa51

SHA1
5f55a49c248d803e2124ad459db1515b0ad4bef7

SHA256
9e028d92e6bff285149b038502e89e2536ac13d4a4ca5e496f080e7342d4a548

SHA512
a50df8ab6579015742873a7ec2cabea92133e2d981739ecf35a2ed9cf7e8c56a2d532dd43b298361c67d51b01a4bc639ebf4892d8f6ee960f95d0b12ede4588b

Download Submit
C:\Users\Admin\Downloads\reshacker_setup.GRpK6cK8.exe.part

Filesize
30KB

MD5
8d44a9335d8814ae709b3bc57895ad37

SHA1
57dfa9bb0840aa3fba447b783dabeccc0819f8fa

SHA256
2731c01f88ed047ff70b66c60aaffd07d4705f6225fcf535ec028056cbd75f32

SHA512
678dca1578759fdc45c069efb452ed24ff1ea60e84be2d62d56f4f21e691f1bacd96ba5cddd5fe450006cef14425b0129e9cd007a550dfc5edf5eb0e24c782f1

Download Submit
C:\Users\Admin\Downloads\reshacker_setup.exe

Filesize
4.1MB

MD5
02eb693dcfb90a696d191badbcf314ce

SHA1
b1d0352c35d7da251e2fa19ecbe8c1e5286f898f

SHA256
246457363396dcea4cc3d19ce2a431897bac948ae1694d3e87cc0ebaf2ea39f5

SHA512
17b6a5f2446459c058bd035df784adad0e58aa7438a56e02fd75c593eb6bae82719b6293de6b1504e1089cade44b5e137771991816d616c08f92eb2c249cc159

Download Submit
memory/4472-142-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/4472-137-0x00007FFE943D0000-0x00007FFE945AB000-memory.dmp

Filesize
1.9MB

Download
memory/4580-141-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/4580-133-0x00007FFE943D0000-0x00007FFE945AB000-memory.dmp

Filesize
1.9MB

Download
memory/4580-130-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request