Play interactive tourEdit tour

Windows Analysis Report
https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098

Overview

General Information

Sample URL:	https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_net
Analysis ID:	1542229

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Stores files to the Windows start menu directory

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Phishing

HTML page contains hidden javascript code

Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098

HTTP Parser: Base64 decoded: auth0|6717c14b810c50bacf3d8642

HTML page is missing a favicon

Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon
Source: https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098	HTTP Parser: No favicon

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.16:60012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:60032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:60062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:60067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:60088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:60089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:60098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60102 version: TLS 1.2

Software Vulnerabilities

Allocates a big amount of memory (probably used for heap spraying)

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 255MB

Networking

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59858 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:59962 -> 1.1.1.1:53

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: cdn.wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: tagging.wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ekstrom.wetransfer.net
Source: global traffic	DNS traffic detected: DNS query: auth-session-caching.wetransfer.net
Source: global traffic	DNS traffic detected: DNS query: privacy.wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: bsp-proxy.wetransfer.net
Source: global traffic	DNS traffic detected: DNS query: experiments.wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic	DNS traffic detected: DNS query: s.pinimg.com
Source: global traffic	DNS traffic detected: DNS query: js.adsrvr.org
Source: global traffic	DNS traffic detected: DNS query: c.amazon-adsystem.com
Source: global traffic	DNS traffic detected: DNS query: di.rlcdn.com
Source: global traffic	DNS traffic detected: DNS query: analytics-v2.wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: s.amazon-adsystem.com
Source: global traffic	DNS traffic detected: DNS query: ct.pinterest.com
Source: global traffic	DNS traffic detected: DNS query: insight.adsrvr.org
Source: global traffic	DNS traffic detected: DNS query: snowplow.wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: ara.paa-reporting-advertising.amazon
Source: global traffic	DNS traffic detected: DNS query: public.profitwell.com
Source: global traffic	DNS traffic detected: DNS query: api.pico.bendingspoonsapps.com
Source: global traffic	DNS traffic detected: DNS query: match.adsrvr.org
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: e-10220.adzerk.net
Source: global traffic	DNS traffic detected: DNS query: cm.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: pixel.rubiconproject.com
Source: global traffic	DNS traffic detected: DNS query: ib.adnxs.com
Source: global traffic	DNS traffic detected: DNS query: nolan.wetransfer.net
Source: global traffic	DNS traffic detected: DNS query: download.wetransfer.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: boostrapincore.web.app
Source: global traffic	DNS traffic detected: DNS query: www.ouestfrance-immo.com
Source: global traffic	DNS traffic detected: DNS query: www.cfecgc-orange.org
Source: global traffic	DNS traffic detected: DNS query: atmrouhjd.web.app
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: cfecgc-orange.org
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 60036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 59861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 59906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 60083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 59976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 60082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 59884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 59953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 59998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 60035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 59905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 59894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59869
Source: unknown	Network traffic detected: HTTP traffic on port 59871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59990
Source: unknown	Network traffic detected: HTTP traffic on port 60026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59871
Source: unknown	Network traffic detected: HTTP traffic on port 59954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59991
Source: unknown	Network traffic detected: HTTP traffic on port 59977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 60037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 59965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59997
Source: unknown	Network traffic detected: HTTP traffic on port 60093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59881
Source: unknown	Network traffic detected: HTTP traffic on port 60069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 59966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59889
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59891
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59892
Source: unknown	Network traffic detected: HTTP traffic on port 59904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 60014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59898
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 59999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 59949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60015
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60011
Source: unknown	Network traffic detected: HTTP traffic on port 60045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60010
Source: unknown	Network traffic detected: HTTP traffic on port 59961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60016
Source: unknown	Network traffic detected: HTTP traffic on port 60033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60023
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60020
Source: unknown	Network traffic detected: HTTP traffic on port 59938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60028
Source: unknown	Network traffic detected: HTTP traffic on port 59995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60036
Source: unknown	Network traffic detected: HTTP traffic on port 59908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60030
Source: unknown	Network traffic detected: HTTP traffic on port 59927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 60010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 59919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 59950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60051
Source: unknown	Network traffic detected: HTTP traffic on port 60091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 59893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60048
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60045
Source: unknown	Network traffic detected: HTTP traffic on port 60021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60043
Source: unknown	Network traffic detected: HTTP traffic on port 59882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60101
Source: unknown	Network traffic detected: HTTP traffic on port 59907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60105
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60104
Source: unknown	Network traffic detected: HTTP traffic on port 60011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60004
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60003
Source: unknown	Network traffic detected: HTTP traffic on port 59985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60001
Source: unknown	Network traffic detected: HTTP traffic on port 59869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60005
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60096
Source: unknown	Network traffic detected: HTTP traffic on port 59969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60055
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60071
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60066
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60063
Source: unknown	Network traffic detected: HTTP traffic on port 60101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60083
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60080
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60079
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60074
Source: unknown	Network traffic detected: HTTP traffic on port 59866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60090
Source: unknown	Network traffic detected: HTTP traffic on port 60098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60088
Source: unknown	Network traffic detected: HTTP traffic on port 60019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60085
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59942
Source: unknown	Network traffic detected: HTTP traffic on port 59898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59945
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59944
Source: unknown	Network traffic detected: HTTP traffic on port 60097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59950
Source: unknown	Network traffic detected: HTTP traffic on port 59875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59951
Source: unknown	Network traffic detected: HTTP traffic on port 59990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59953
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59956
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59963
Source: unknown	Network traffic detected: HTTP traffic on port 60051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60086 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.16:60012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:60032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:60062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:60067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:60088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:60089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.16:60098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:60105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:60102 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: clean1.win@57/39@191/732

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Creates temporary files

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Reads ini files

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Reads software policies

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Runs a DLL by calling functions

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,16463613117862518895,8682049188428861051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://wetransfer.com/downloads/3483eba9491531b4a13707c3998f130020241025134818/296c73c5e51889d3d64ebe318afe30e020241025134818/2dd380?t_exp=1730123298&t_lsid=1daecd17-3fd5-4a7c-8f4c-088440cc6eb1&t_network=email&t_rid=YXV0aDB8NjcxN2MxNGI4MTBjNTBiYWNmM2Q4NjQy&t_s=download_link&t_ts=1729864098"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,16463613117862518895,8682049188428861051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 --field-trial-handle=1960,i,16463613117862518895,8682049188428861051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 --field-trial-handle=1960,i,16463613117862518895,8682049188428861051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Temp\Temp1_Rapport notaire.zip\Rapport notaire.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1664 --field-trial-handle=1900,i,2781525558917853610,3035626802647961981,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1664 --field-trial-handle=1900,i,2781525558917853610,3035626802647961981,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\Rapport notaire\Rapport notaire.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1888,i,4477367910323958,1608974770961339021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1888,i,4477367910323958,1608974770961339021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Downloads\Rapport notaire\Rapport notaire.html"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Downloads\Rapport notaire\Rapport notaire.html"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\user\Downloads\Rapport notaire\Rapport notaire.html"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc59cf60-0a15-4c50-a46a-67b15d9b4387} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" 2094876c910 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -parentBuildID 20230927232528 -prefsHandle 3996 -prefMapHandle 4000 -prefsLen 26265 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9c1a482-c7cc-44e4-8bb9-c652544580f6} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" 2095a8bdb10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc59cf60-0a15-4c50-a46a-67b15d9b4387} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" 2094876c910 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -parentBuildID 20230927232528 -prefsHandle 3996 -prefMapHandle 4000 -prefsLen 26265 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9c1a482-c7cc-44e4-8bb9-c652544580f6} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" 2095a8bdb10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5508 -prefMapHandle 5504 -prefsLen 33135 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79f97396-28aa-4869-b487-dbeacb0dd82a} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" 20966cf5b10 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5508 -prefMapHandle 5504 -prefsLen 33135 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79f97396-28aa-4869-b487-dbeacb0dd82a} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" 20966cf5b10 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Disables application error messsages (SetErrorMode)

Source: C:\Windows\System32\rundll32.exe

Process information set: NOOPENFILEERRORBOX