Resubmissions
16/05/2024, 16:02 UTC | 240516-thaqkacf53 | 8
16/05/2024, 15:21 UTC | 240516-srd9nsaf9x | 8
16/05/2024, 15:16 UTC | 240516-snm3eaag66 | 8
Analysis
max time kernel: 9s
max time network: 11s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/05/2024, 16:02 UTC
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://www.angusj.com/resourcehacker/reshacker_setup.exe
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: https://www.angusj.com/resourcehacker/reshacker_setup.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral3
  Sample: https://www.angusj.com/resourcehacker/reshacker_setup.exe
  Resource: win11-20240508-en
General
Target: https://www.angusj.com/resourcehacker/reshacker_setup.exe
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
-
Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | firefox.exe
-
NTFS ADS (1 IoC)
description | ioc | Process
File created | C:\Users\Admin\Downloads\reshacker_setup.exe:Zone.Identifier | firefox.exe
-
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 388 | firefox.exe
Token: SeDebugPrivilege | 388 | firefox.exe
-
Suspicious use of FindShellTrayWindow (4 IoCs)
pid | Process
388 | firefox.exe
388 | firefox.exe
388 | firefox.exe
388 | firefox.exe
-
Suspicious use of SendNotifyMessage (3 IoCs)
pid | Process
388 | firefox.exe
388 | firefox.exe
388 | firefox.exe
-
Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
388 | firefox.exe
388 | firefox.exe
388 | firefox.exe
388 | firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.angusj.com/resourcehacker/reshacker_setup.exe"
PID: 3964
  - Suspicious use of WriteProcessMemory
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.angusj.com/resourcehacker/reshacker_setup.exe
  PID: 388
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.0.1004542317\1931822946" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e08fdf78-a3f4-4d85-bcff-957aa97979d1} 388 "\\.\pipe\gecko-crash-server-pipe.388" 1892 1862340fe58 gpu
    PID: 4772
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.1.2074557064\865863803" -parentBuildID 20230214051806 -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 23095 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54cab637-aa7e-4a49-b97f-9d739625ce3e} 388 "\\.\pipe\gecko-crash-server-pipe.388" 2488 1861668a858 socket
    PID: 2416
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.2.421922996\1092934225" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2988 -prefsLen 23198 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b39c8d2d-8543-4dfd-834c-91e59cb5c225} 388 "\\.\pipe\gecko-crash-server-pipe.388" 3004 1862624ea58 tab
    PID: 1880
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.3.1663468406\118521779" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3560 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5514d4ab-f380-4b77-a03e-6b2f295a38f4} 388 "\\.\pipe\gecko-crash-server-pipe.388" 3668 18627ebe158 tab
    PID: 4452
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.4.1505332724\2065870968" -childID 3 -isForBrowser -prefsHandle 5084 -prefMapHandle 5092 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ac420a-acc3-496b-b36a-c1c394043986} 388 "\\.\pipe\gecko-crash-server-pipe.388" 5108 1862695dd58 tab
    PID: 4280
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.5.1090475920\1093996933" -childID 4 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a2b2dbf-5260-4ea4-ad56-06bcb3734729} 388 "\\.\pipe\gecko-crash-server-pipe.388" 5244 186297bde58 tab
    PID: 2320
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.6.311649821\1045529264" -childID 5 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f1709ad-cc62-4d6e-a612-76525105a294} 388 "\\.\pipe\gecko-crash-server-pipe.388" 5432 1862a5a6f58 tab
    PID: 1404
-
Network
-
Remote address: 8.8.8.8:53
Request: 8.8.8.8.in-addr.arpa IN PTR
Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
-
Remote address: 8.8.8.8:53
Request: 232.168.11.51.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: www.angusj.com IN A
Response: www.angusj.com IN CNAME angusj.com; angusj.com IN A 203.170.87.121
-
Remote address: 8.8.8.8:53
Request: contile.services.mozilla.com IN A
Response: contile.services.mozilla.com IN A 34.117.188.166
-
Remote address: 8.8.8.8:53
Request: spocs.getpocket.com IN A
Response: spocs.getpocket.com IN CNAME prod.ads.prod.webservices.mozgcp.net; prod.ads.prod.webservices.mozgcp.net IN A 34.117.188.166
-
Remote address: 8.8.8.8:53
Request: getpocket.cdn.mozilla.net IN A
Response: getpocket.cdn.mozilla.net IN CNAME getpocket-cdn.prod.mozaws.net; getpocket-cdn.prod.mozaws.net IN CNAME prod.pocket.prod.cloudops.mozgcp.net; prod.pocket.prod.cloudops.mozgcp.net IN A 34.120.5.221
-
Remote address: 8.8.8.8:53
Request: content-signature-2.cdn.mozilla.net IN A
Response: content-signature-2.cdn.mozilla.net IN CNAME content-signature-chains.prod.autograph.services.mozaws.net; content-signature-chains.prod.autograph.services.mozaws.net IN CNAME prod.content-signature-chains.prod.webservices.mozgcp.net; prod.content-signature-chains.prod.webservices.mozgcp.net IN A 34.160.144.191
-
Remote address: 8.8.8.8:53
Request: shavar.services.mozilla.com IN A
Response: shavar.services.mozilla.com IN CNAME shavar.prod.mozaws.net; shavar.prod.mozaws.net IN A 35.164.250.149; shavar.prod.mozaws.net IN A 54.188.201.143; shavar.prod.mozaws.net IN A 44.233.67.78
-
Remote address: 8.8.8.8:53
Request: contile.services.mozilla.com IN A
Response: contile.services.mozilla.com IN A 34.117.188.166
-
GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 (firefox.exe)
Remote address: 34.120.5.221:443
Request:
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-none-match: W/"575e-ryk0NSC6+w0Nz2QA3OdX+aGN6oA"
te: trailers
-
Remote address: 8.8.8.8:53
Request: push.services.mozilla.com IN A
Response: push.services.mozilla.com IN CNAME autopush.prod.mozaws.net; autopush.prod.mozaws.net IN A 34.107.243.93
-
GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-06-09-11-51-09.chain (firefox.exe)
Remote address: 34.160.144.191:443
Request:
GET /chains/remote-settings.content-signature.mozilla.org-2024-06-09-11-51-09.chain HTTP/2.0
host: content-signature-2.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
if-modified-since: Sat, 20 Apr 2024 11:51:10 GMT
if-none-match: "b4944a0f4143c705f938452dfddd53cd"
te: trailers
-
Remote address: 8.8.8.8:53
Request: prod.pocket.prod.cloudops.mozgcp.net IN A
Response: prod.pocket.prod.cloudops.mozgcp.net IN A 34.120.5.221
-
Remote address: 8.8.8.8:53
Request: prod.content-signature-chains.prod.webservices.mozgcp.net IN A
Response: prod.content-signature-chains.prod.webservices.mozgcp.net IN A 34.160.144.191
-
Remote address: 8.8.8.8:53
Request: firefox.settings.services.mozilla.com IN A
Response: firefox.settings.services.mozilla.com IN CNAME prod.remote-settings.prod.webservices.mozgcp.net; prod.remote-settings.prod.webservices.mozgcp.net IN A 34.149.100.209
-
Remote address: 8.8.8.8:53
Request: contile.services.mozilla.com IN AAAA
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: prod.content-signature-chains.prod.webservices.mozgcp.net IN AAAA
Response: prod.content-signature-chains.prod.webservices.mozgcp.net IN AAAA 2600:1901:0:92a9::
-
POST https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2 (firefox.exe)
Remote address: 35.164.250.149:443
Request:
POST /downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 582
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Thu, 16 May 2024 16:03:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
-
Remote address: 8.8.8.8:53
Request: prod.pocket.prod.cloudops.mozgcp.net IN AAAA
Response: prod.pocket.prod.cloudops.mozgcp.net IN AAAA 2600:1901:0:524c::
-
Remote address: 8.8.8.8:53
Request: 82.90.14.23.in-addr.arpa IN PTR
Response: 82.90.14.23.in-addr.arpa IN PTR a23-14-90-82.deploy.static.akamaitechnologies.com
-
GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US (firefox.exe)
Remote address: 34.149.100.209:443
Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers
-
Remote address: 8.8.8.8:53
Request: prod.ads.prod.webservices.mozgcp.net IN A
Response: prod.ads.prod.webservices.mozgcp.net IN A 34.117.188.166
-
Remote address: 8.8.8.8:53
Request: shavar.prod.mozaws.net IN A
Response: shavar.prod.mozaws.net IN A 35.164.250.149; shavar.prod.mozaws.net IN A 44.233.67.78; shavar.prod.mozaws.net IN A 54.188.201.143
-
Remote address: 8.8.8.8:53
Request: autopush.prod.mozaws.net IN A
Response: autopush.prod.mozaws.net IN A 34.107.243.93
-
Remote address: 8.8.8.8:53
Request: prod.ads.prod.webservices.mozgcp.net IN AAAA
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: autopush.prod.mozaws.net IN AAAA
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: shavar.prod.mozaws.net IN AAAA
Response: (empty)
-
Remote address: 34.107.243.93:443
Request:
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8Xj4DF5RGcMGCWuKOd/w8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Response:
HTTP/1.1 101 Switching Protocols
upgrade: websocket
sec-websocket-accept: 9QnuiYAbWkUCFLsvw/1f5SD4P0g=
date: Thu, 16 May 2024 16:03:10 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request: prod.remote-settings.prod.webservices.mozgcp.net IN A
Response: prod.remote-settings.prod.webservices.mozgcp.net IN A 34.149.100.209
-
Remote address: 8.8.8.8:53
Request: prod.remote-settings.prod.webservices.mozgcp.net IN AAAA
Response: (empty)
-
Remote address: 203.170.87.121:443
Request:
GET /resourcehacker/reshacker_setup.exe HTTP/2.0
host: www.angusj.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
Response:
HTTP/2.0 200
date: Thu, 16 May 2024 16:03:12 GMT
content-type: application/x-msdownload
content-length: 4268933
last-modified: Sun, 19 Nov 2023 10:21:19 GMT
accept-ranges: bytes
-
Remote address: 8.8.8.8:53
Request: angusj.com IN A
Response: angusj.com IN A 203.170.87.121
-
Remote address: 8.8.8.8:53
Request: angusj.com IN AAAA
Response: angusj.com IN AAAA 2404:8280:a222:bbbb:bba1:7:ffff:ffff
-
Remote address: 8.8.8.8:53
Request: 149.250.164.35.in-addr.arpa IN PTR
Response: 149.250.164.35.in-addr.arpa IN PTR ec2-35-164-250-149.us-west-2.compute.amazonaws.com
-
Remote address: 8.8.8.8:53
Request: 121.87.170.203.in-addr.arpa IN PTR
Response: 121.87.170.203.in-addr.arpa IN PTR ipcbaa5779ipv4syd02dsnetwork
-
Remote address: 8.8.8.8:53
Request: 71.31.126.40.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response: (empty)
-
-
34.120.5.221:443 | https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 | tls, http2 | firefox.exe | 1.6kB 13.5kB 11 17
HTTP Request: GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
-
34.160.144.191:443 | https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-06-09-11-51-09.chain | tls, http2 | firefox.exe | 1.4kB 4.0kB 11 11
HTTP Request: GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-06-09-11-51-09.chain
-
35.164.250.149:443 | https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2 | tls, http | firefox.exe | 2.2kB 3.9kB 10 13
HTTP Request: POST https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2
HTTP Response: 200
-
1.1kB 4.0kB 8 8
-
34.149.100.209:443 | https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | tls, http2 | firefox.exe | 1.6kB 4.3kB 10 9
HTTP Request: GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
-
1.8kB 4.4kB 8 9
HTTP Request: GET https://push.services.mozilla.com/
HTTP Response: 101
-
104.5kB 4.4MB 1789 3163
HTTP Request: GET https://www.angusj.com/resourcehacker/reshacker_setup.exe
HTTP Response: 200
-
1.2kB 4.6kB 10 10
-
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
232.168.11.51.in-addr.arpa
-
60 B 90 B 1 1
DNS Request
www.angusj.com
DNS Response
203.170.87.121
-
74 B 90 B 1 1
DNS Request
contile.services.mozilla.com
DNS Response
34.117.188.166
-
65 B 131 B 1 1
DNS Request
spocs.getpocket.com
DNS Response
34.117.188.166
-
71 B 174 B 1 1
DNS Request
getpocket.cdn.mozilla.net
DNS Response
34.120.5.221
-
81 B 235 B 1 1
DNS Request
content-signature-2.cdn.mozilla.net
DNS Response
34.160.144.191
-
73 B 157 B 1 1
DNS Request
shavar.services.mozilla.com
DNS Response
35.164.250.149
54.188.201.143
44.233.67.78
-
2.1kB 8.0kB 8 10
-
74 B 90 B 1 1
DNS Request
contile.services.mozilla.com
DNS Response
34.117.188.166
-
71 B 125 B 1 1
DNS Request
push.services.mozilla.com
DNS Response
34.107.243.93
-
82 B 98 B 1 1
DNS Request
prod.pocket.prod.cloudops.mozgcp.net
DNS Response
34.120.5.221
-
2.3kB 5.6kB 8 8
-
103 B 119 B 1 1
DNS Request
prod.content-signature-chains.prod.webservices.mozgcp.net
DNS Response
34.160.144.191
-
83 B 161 B 1 1
DNS Request
firefox.settings.services.mozilla.com
DNS Response
34.149.100.209
-
74 B 155 B 1 1
DNS Request
contile.services.mozilla.com
-
103 B 131 B 1 1
DNS Request
prod.content-signature-chains.prod.webservices.mozgcp.net
DNS Response
2600:1901:0:92a9::
-
82 B 110 B 1 1
DNS Request
prod.pocket.prod.cloudops.mozgcp.net
DNS Response
2600:1901:0:524c::
-
70 B 133 B 1 1
DNS Request
82.90.14.23.in-addr.arpa
-
82 B 98 B 1 1
DNS Request
prod.ads.prod.webservices.mozgcp.net
DNS Response
34.117.188.166
-
68 B 116 B 1 1
DNS Request
shavar.prod.mozaws.net
DNS Response
35.164.250.149
44.233.67.78
54.188.201.143
-
70 B 86 B 1 1
DNS Request
autopush.prod.mozaws.net
DNS Response
34.107.243.93
-
82 B 175 B 1 1
DNS Request
prod.ads.prod.webservices.mozgcp.net
-
70 B 155 B 1 1
DNS Request
autopush.prod.mozaws.net
-
68 B 153 B 1 1
DNS Request
shavar.prod.mozaws.net
-
94 B 110 B 1 1
DNS Request
prod.remote-settings.prod.webservices.mozgcp.net
DNS Response
34.149.100.209
-
94 B 187 B 1 1
DNS Request
prod.remote-settings.prod.webservices.mozgcp.net
-
56 B 72 B 1 1
DNS Request
angusj.com
DNS Response
203.170.87.121
-
56 B 84 B 1 1
DNS Request
angusj.com
DNS Response
2404:8280:a222:bbbb:bba1:7:ffff:ffff
-
73 B 137 B 1 1
DNS Request
149.250.164.35.in-addr.arpa
-
73 B 119 B 1 1
DNS Request
121.87.170.203.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
71.31.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
Filesize: 24KB
-
Filesize: 7KB