| URL: | https://public.bn.files.1drv.com/y4mYQr-EzOhsvWIH26zfY6kHwIdaRYe2isLswf0e3-hipRX1hV0UVZtFvMefWm11mSyFoNUhWsp3AuiHVz3FFKHSjv1PN3G3rBxjIYbaaG7SNkkJAVOJLwhzhza8qQ21XSH8bCP-2wmnTtzUrz_XE40w7CAeAcfWd6UHtmTHWfzgYmTHZC9Q8lRyXt8CplnJ3is8Jimr54l2WdwhpewW-0kxLxFJdlBr-7sbRw0t7slg20?access_token=EwAAA61DBAAUzl/nWKUlBg14ZGcybuC4/OHFdfEAAW/WiJAWjYD2gSaypNa8vETC2ThQAZsuRhyyptJRFPwlrYVCwN46e%2bFFrbGZPEG95w8EuFWrkweURuN/BCnlf/IPPBanJmaQ4nXMP1/JnT6uFAz4nUWX7FoW4g/hGvg8OdBfdBFwP6VpwPIHaL4XF4y4TSVx3EeP4mhWNuv1tTrdve%2bRrypvbF8UGRY3IFL4xUBO0fW5b2gdACUFFdmAKIBiAXSgIjRKFd/%2b26h1c5526Ewf4Pzk%2b0Lcrz1vRNJ%2bzfMmeolCSu6rD/a26mHlP7t/wmsvC28YuvTWVg99hWBr/5fMVsdLI0Kc3lOc1kjUCSD0tZFymLW89pmu0xiyd34DZgAACEhbREy/BqQS0AGgvuKB4s6XjIu9T1A1eyDmRb7tAt7D9wDc3kuQdC6kgxsQJ7Sho8tjKAVN%2bNkUmmeJ0Ayph6TbluZfJcDcM6wwQjSvXnvTvPEec3I3o%2b3g9MoMViErtET6hpTXdDnZij6VI9HRugA44AFYhnwJFtmO1lJcWDiI2Mao7IKueHyubIFqxRFlnSDnbnkvozxa3x7yLil%2bsnTBznjVXLPi32uMVH0EHzdXYGazlv41qku5gXxb/pJI60sguNXstyHcwuLWwlqQFEZmtQEHrAqII/4nQJhuhLJ6fquS8nYXzPLNbqnw2toyhkTKZ5aELkl1PuX |
| Full analysis: | https://app.any.run/tasks/54a76438-bdc6-4ba5-b509-810e1c013b41 |
| Verdict: | Malicious activity |
| Analysis date: | September 28, 2020, 19:33:12 |
| OS: | Windows 10 Professional (build: 16299, 32 bit) |
| Indicators: | |
| MD5: | 6DBB55BC075F64EFB67D777816DA3F1B |
| SHA1: | 910830644FEC9C4DC03FB799CC7786BF35BC778E |
| SHA256: | 5EEF81CD8F1109C4C306BD38D795B4DACB515621DB57E3EEBBD7A23B7AF2DC02 |
| SSDEEP: | 24:2K2jPWcoknR2DUzhJw1UkPXeIEkYGSIxlTLs+ksHesM5PZ:aLWlkRkIJRkPupIxlklsHesQ |
MALICIOUS
No malicious indicators.SUSPICIOUS
Creates files in the program directory
- firefox.exe (PID: 2776)
Executed via COM
- RuntimeBroker.exe (PID: 6084)
- MicrosoftEdgeCP.exe (PID: 5024)
- MicrosoftEdgeCP.exe (PID: 5792)
- wuapihost.exe (PID: 5120)
- MicrosoftEdge.exe (PID: 5732)
- browser_broker.exe (PID: 5044)
- MicrosoftEdgeCP.exe (PID: 5288)
- MicrosoftEdgeCP.exe (PID: 4868)
- DllHost.exe (PID: 1788)
- MicrosoftEdgeCP.exe (PID: 5436)
- MicrosoftEdgeCP.exe (PID: 4388)
- MicrosoftEdgeCP.exe (PID: 5284)
- MicrosoftEdgeCP.exe (PID: 5384)
Creates files in the user directory
- RuntimeBroker.exe (PID: 6084)
INFO
Application launched itself
- firefox.exe (PID: 2776)
Creates files in the user directory
- firefox.exe (PID: 2776)
Reads the software policy settings
- MicrosoftEdgeCP.exe (PID: 5024)
- MicrosoftEdgeCP.exe (PID: 4868)
- MicrosoftEdge.exe (PID: 5732)
- browser_broker.exe (PID: 5044)
- MicrosoftEdgeCP.exe (PID: 4388)
- MicrosoftEdgeCP.exe (PID: 5384)
Reads settings of System Certificates
- MicrosoftEdgeCP.exe (PID: 4868)
- MicrosoftEdgeCP.exe (PID: 5024)
- MicrosoftEdge.exe (PID: 5732)
- MicrosoftEdgeCP.exe (PID: 4388)
- MicrosoftEdgeCP.exe (PID: 5384)
Reads CPU info
- firefox.exe (PID: 2776)
Manual execution by user
- notepad.exe (PID: 5612)
Dropped object may contain Bitcoin addresses
- MicrosoftEdge.exe (PID: 5732)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
73
Monitored processes
19
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 380 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.6.1219235602\1309646668" -childID 1 -isForBrowser -prefsHandle 2216 -prefMapHandle 2396 -prefsLen 1 -prefMapSize 181073 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 2572 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | ||||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 65.0.2 Modules
| |||||||||||||||
| 900 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.20.1579777076\1696457236" -childID 3 -isForBrowser -prefsHandle 1560 -prefMapHandle 3016 -prefsLen 1 -prefMapSize 181073 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 3068 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | ||||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 65.0.2 Modules
| |||||||||||||||
| 1584 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.13.2146347839\85844618" -childID 2 -isForBrowser -prefsHandle 2348 -prefMapHandle 2508 -prefsLen 1 -prefMapSize 181073 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 2688 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | ||||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 65.0.2 Modules
| |||||||||||||||
| 1788 | C:\WINDOWS\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251} | C:\WINDOWS\system32\DllHost.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 10.0.16299.15 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2628 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.0.2068793324\569294714" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ca100fe7-9efb-4b30-9dae-2d42221607d9}" 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 1424 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 65.0.2 Modules
| |||||||||||||||
| 2776 | "C:\Program Files\Mozilla Firefox\firefox.exe" "https://public.bn.files.1drv.com/y4mYQr-EzOhsvWIH26zfY6kHwIdaRYe2isLswf0e3-hipRX1hV0UVZtFvMefWm11mSyFoNUhWsp3AuiHVz3FFKHSjv1PN3G3rBxjIYbaaG7SNkkJAVOJLwhzhza8qQ21XSH8bCP-2wmnTtzUrz_XE40w7CAeAcfWd6UHtmTHWfzgYmTHZC9Q8lRyXt8CplnJ3is8Jimr54l2WdwhpewW-0kxLxFJdlBr-7sbRw0t7slg20?access_token=EwAAA61DBAAUzl/nWKUlBg14ZGcybuC4/OHFdfEAAW/WiJAWjYD2gSaypNa8vETC2ThQAZsuRhyyptJRFPwlrYVCwN46e%2bFFrbGZPEG95w8EuFWrkweURuN/BCnlf/IPPBanJmaQ4nXMP1/JnT6uFAz4nUWX7FoW4g/hGvg8OdBfdBFwP6VpwPIHaL4XF4y4TSVx3EeP4mhWNuv1tTrdve%2bRrypvbF8UGRY3IFL4xUBO0fW5b2gdACUFFdmAKIBiAXSgIjRKFd/%2b26h1c5526Ewf4Pzk%2b0Lcrz1vRNJ%2bzfMmeolCSu6rD/a26mHlP7t/wmsvC28YuvTWVg99hWBr/5fMVsdLI0Kc3lOc1kjUCSD0tZFymLW89pmu0xiyd34DZgAACEhbREy/BqQS0AGgvuKB4s6XjIu9T1A1eyDmRb7tAt7D9wDc3kuQdC6kgxsQJ7Sho8tjKAVN%2bNkUmmeJ0Ayph6TbluZfJcDcM6wwQjSvXnvTvPEec3I3o%2b3g9MoMViErtET6hpTXdDnZij6VI9HRugA44AFYhnwJFtmO1lJcWDiI2Mao7IKueHyubIFqxRFlnSDnbnkvozxa3x7yLil%2bsnTBznjVXLPi32uMVH0EHzdXYGazlv41qku5gXxb/pJI60sguNXstyHcwuLWwlqQFEZmtQEHrAqII/4nQJhuhLJ6fquS8nYXzPLNbqnw2toyhkTKZ5aELkl1PuX" | C:\Program Files\Mozilla Firefox\firefox.exe | explorer.exe | ||||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 65.0.2 Modules
| |||||||||||||||
| 4388 | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Content Process Exit code: 0 Version: 11.00.16299.15 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 4868 | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Content Process Exit code: 0 Version: 11.00.16299.15 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 5024 | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Content Process Exit code: 0 Version: 11.00.16299.15 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 5044 | C:\WINDOWS\system32\browser_broker.exe -Embedding | C:\WINDOWS\system32\browser_broker.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Browser_Broker Exit code: 0 Version: 11.00.16299.15 (WinBuild.160101.0800) Modules
| |||||||||||||||
Total events
3 959
Read events
3 480
Write events
470
Delete events
9
Modification events
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus |
| Operation: | write | Name: | CIStatusTimestamp |
Value: 313AF65ECE95D601 | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus |
| Operation: | write | Name: | EnablementState |
Value: 1 | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus |
| Operation: | write | Name: | CIPolicyState |
Value: 1 | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus |
| Operation: | write | Name: | SignaturePolicy |
Value: 02000000 | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\ACGStatus |
| Operation: | write | Name: | ACGPolicyState |
Value: 8 | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\ACGStatus |
| Operation: | write | Name: | DynamicCodePolicy |
Value: 05000000 | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath |
| Operation: | write | Name: | dummySetting |
Value: 1 | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5732) MicrosoftEdge.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
Executable files
0
Suspicious files
52
Text files
271
Unknown types
42
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\cookies.sqlite-wal | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\extensions.json.tmp | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\prefs-1.js | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\pluginreg.dat.tmp | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\sessionCheckpoints.json.tmp | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\cert9.db-journal | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\key4.db-journal | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\addonStartup.json.lz4.tmp | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\storage.sqlite-journal | — | |
MD5:— | SHA256:— | |||
| 2776 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymgarh1v.default\compatibility.ini | ini | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
316
TCP/UDP connections
170
DNS requests
110
Threats
2
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2776 | firefox.exe | GET | 404 | 13.107.42.12:443 | https://public.bn.files.1drv.com/y4mYQr-EzOhsvWIH26zfY6kHwIdaRYe2isLswf0e3-hipRX1hV0UVZtFvMefWm11mSyFoNUhWsp3AuiHVz3FFKHSjv1PN3G3rBxjIYbaaG7SNkkJAVOJLwhzhza8qQ21XSH8bCP-2wmnTtzUrz_XE40w7CAeAcfWd6UHtmTHWfzgYmTHZC9Q8lRyXt8CplnJ3is8Jimr54l2WdwhpewW-0kxLxFJdlBr-7sbRw0t7slg20?access_token=EwAAA61DBAAUzl/nWKUlBg14ZGcybuC4/OHFdfEAAW/WiJAWjYD2gSaypNa8vETC2ThQAZsuRhyyptJRFPwlrYVCwN46e%2bFFrbGZPEG95w8EuFWrkweURuN/BCnlf/IPPBanJmaQ4nXMP1/JnT6uFAz4nUWX7FoW4g/hGvg8OdBfdBFwP6VpwPIHaL4XF4y4TSVx3EeP4mhWNuv1tTrdve%2bRrypvbF8UGRY3IFL4xUBO0fW5b2gdACUFFdmAKIBiAXSgIjRKFd/%2b26h1c5526Ewf4Pzk%2b0Lcrz1vRNJ%2bzfMmeolCSu6rD/a26mHlP7t/wmsvC28YuvTWVg99hWBr/5fMVsdLI0Kc3lOc1kjUCSD0tZFymLW89pmu0xiyd34DZgAACEhbREy/BqQS0AGgvuKB4s6XjIu9T1A1eyDmRb7tAt7D9wDc3kuQdC6kgxsQJ7Sho8tjKAVN%2bNkUmmeJ0Ayph6TbluZfJcDcM6wwQjSvXnvTvPEec3I3o%2b3g9MoMViErtET6hpTXdDnZij6VI9HRugA44AFYhnwJFtmO1lJcWDiI2Mao7IKueHyubIFqxRFlnSDnbnkvozxa3x7yLil%2bsnTBznjVXLPi32uMVH0EHzdXYGazlv41qku5gXxb/pJI60sguNXstyHcwuLWwlqQFEZmtQEHrAqII/4nQJhuhLJ6fquS8nYXzPLNbqnw2toyhkTKZ5aELkl1PuX | US | — | — | whitelisted |
2776 | firefox.exe | GET | 404 | 13.107.42.12:443 | https://public.bn.files.1drv.com/y4mYQr-EzOhsvWIH26zfY6kHwIdaRYe2isLswf0e3-hipRX1hV0UVZtFvMefWm11mSyFoNUhWsp3AuiHVz3FFKHSjv1PN3G3rBxjIYbaaG7SNkkJAVOJLwhzhza8qQ21XSH8bCP-2wmnTtzUrz_XE40w7CAeAcfWd6UHtmTHWfzgYmTHZC9Q8lRyXt8CplnJ3is8Jimr54l2WdwhpewW-0kxLxFJdlBr-7sbRw0t7slg20?access_token=EwAAA61DBAAUzl/nWKUlBg14ZGcybuC4/OHFdfEAAW/WiJAWjYD2gSaypNa8vETC2ThQAZsuRhyyptJRFPwlrYVCwN46e%2bFFrbGZPEG95w8EuFWrkweURuN/BCnlf/IPPBanJmaQ4nXMP1/JnT6uFAz4nUWX7FoW4g/hGvg8OdBfdBFwP6VpwPIHaL4XF4y4TSVx3EeP4mhWNuv1tTrdve%2bRrypvbF8UGRY3IFL4xUBO0fW5b2gdACUFFdmAKIBiAXSgIjRKFd/%2b26h1c5526Ewf4Pzk%2b0Lcrz1vRNJ%2bzfMmeolCSu6rD/a26mHlP7t/wmsvC28YuvTWVg99hWBr/5fMVsdLI0Kc3lOc1kjUCSD0tZFymLW89pmu0xiyd34DZgAACEhbREy/BqQS0AGgvuKB4s6XjIu9T1A1eyDmRb7tAt7D9wDc3kuQdC6kgxsQJ7Sho8tjKAVN%2bNkUmmeJ0Ayph6TbluZfJcDcM6wwQjSvXnvTvPEec3I3o%2b3g9MoMViErtET6hpTXdDnZij6VI9HRugA44AFYhnwJFtmO1lJcWDiI2Mao7IKueHyubIFqxRFlnSDnbnkvozxa3x7yLil%2bsnTBznjVXLPi32uMVH0EHzdXYGazlv41qku5gXxb/pJI60sguNXstyHcwuLWwlqQFEZmtQEHrAqII/4nQJhuhLJ6fquS8nYXzPLNbqnw2toyhkTKZ5aELkl1PuX | US | — | — | whitelisted |
2776 | firefox.exe | GET | 302 | 104.108.39.131:443 | https://go.microsoft.com/fwlink/?LinkId=525773 | NL | — | — | whitelisted |
2776 | firefox.exe | GET | 301 | 23.210.249.93:443 | https://www.microsoft.com/edge?form=MA13DO&OCID=MA13DO | NL | — | — | whitelisted |
2776 | firefox.exe | GET | 301 | 23.210.249.93:443 | https://www.microsoft.com/en-us/edge/?form=MA13DO&OCID=MA13DO | NL | — | — | whitelisted |
2776 | firefox.exe | GET | 404 | 13.107.42.12:443 | https://public.bn.files.1drv.com/y4mYQr-EzOhsvWIH26zfY6kHwIdaRYe2isLswf0e3-hipRX1hV0UVZtFvMefWm11mSyFoNUhWsp3AuiHVz3FFKHSjv1PN3G3rBxjIYbaaG7SNkkJAVOJLwhzhza8qQ21XSH8bCP-2wmnTtzUrz_XE40w7CAeAcfWd6UHtmTHWfzgYmTHZC9Q8lRyXt8CplnJ3is8Jimr54l2WdwhpewW-0kxLxFJdlBr-7sbRw0t7slg20?access_token=EwAAA61DBAAUzl/nWKUlBg14ZGcybuC4/OHFdfEAAW/WiJAWjYD2gSaypNa8vETC2ThQAZsuRhyyptJRFPwlrYVCwN46e%2bFFrbGZPEG95w8EuFWrkweURuN/BCnlf/IPPBanJmaQ4nXMP1/JnT6uFAz4nUWX7FoW4g/hGvg8OdBfdBFwP6VpwPIHaL4XF4y4TSVx3EeP4mhWNuv1tTrdve%2bRrypvbF8UGRY3IFL4xUBO0fW5b2gdACUFFdmAKIBiAXSgIjRKFd/%2b26h1c5526Ewf4Pzk%2b0Lcrz1vRNJ%2bzfMmeolCSu6rD/a26mHlP7t/wmsvC28YuvTWVg99hWBr/5fMVsdLI0Kc3lOc1kjUCSD0tZFymLW89pmu0xiyd34DZgAACEhbREy/BqQS0AGgvuKB4s6XjIu9T1A1eyDmRb7tAt7D9wDc3kuQdC6kgxsQJ7Sho8tjKAVN%2bNkUmmeJ0Ayph6TbluZfJcDcM6wwQjSvXnvTvPEec3I3o%2b3g9MoMViErtET6hpTXdDnZij6VI9HRugA44AFYhnwJFtmO1lJcWDiI2Mao7IKueHyubIFqxRFlnSDnbnkvozxa3x7yLil%2bsnTBznjVXLPi32uMVH0EHzdXYGazlv41qku5gXxb/pJI60sguNXstyHcwuLWwlqQFEZmtQEHrAqII/4nQJhuhLJ6fquS8nYXzPLNbqnw2toyhkTKZ5aELkl1PuX | US | — | — | whitelisted |
2776 | firefox.exe | GET | 404 | 13.107.42.12:443 | https://public.bn.files.1drv.com/favicon.ico | US | — | — | whitelisted |
2776 | firefox.exe | GET | 302 | 13.66.39.88:443 | https://microsoftedgetips.microsoft.com/en-us/?source=firstrun | US | html | 160 b | whitelisted |
2776 | firefox.exe | POST | 200 | 40.90.22.184:443 | https://login.live.com/RST2.srf | US | xml | 9.87 Kb | whitelisted |
2776 | firefox.exe | GET | 200 | 104.42.128.171:443 | https://microsoftedgewelcome.microsoft.com/redirect/?source=firstrun | US | html | 2.64 Kb | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 40.90.22.184:443 | login.live.com | Microsoft Corporation | US | malicious |
2776 | firefox.exe | 52.48.84.254:443 | location.services.mozilla.com | Amazon.com, Inc. | IE | unknown |
2776 | firefox.exe | 13.107.42.12:443 | public.bn.files.1drv.com | Microsoft Corporation | US | suspicious |
2776 | firefox.exe | 143.204.201.119:443 | snippets.cdn.mozilla.net | — | US | suspicious |
2776 | firefox.exe | 2.16.177.64:443 | shavar.services.mozilla.com | Akamai International B.V. | — | suspicious |
2776 | firefox.exe | 2.16.177.18:80 | detectportal.firefox.com | Akamai International B.V. | — | unknown |
2776 | firefox.exe | 172.217.18.106:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
1708 | svchost.exe | 2.16.186.74:80 | crl.microsoft.com | Akamai International B.V. | — | whitelisted |
2776 | firefox.exe | 44.239.250.14:443 | incoming.telemetry.mozilla.org | University of California, San Diego | US | unknown |
— | — | 104.108.39.131:443 | go.microsoft.com | Akamai Technologies, Inc. | NL | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
ts-ocsp.ws.symantec.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
login.live.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |
public.bn.files.1drv.com |
| whitelisted |
detectportal.firefox.com |
| whitelisted |
location.services.mozilla.com |
| whitelisted |
locprod1-elb-eu-west-1.prod.mozaws.net |
| whitelisted |
a1089.dscd.akamai.net |
| whitelisted |
l-0003.l-msedge.net |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
— | — | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |