Malware Analysis Report

2025-01-19 03:49

Sample ID 230517-lavrrsee26
Target https://bafybeig7mxs5e3ond7rnzglxgcrctzlr2uibrvxicray7cieg5fpvngjo4.ipfs.dweb.link/ddoonnvpl.html#[email protected]
Tags phishing
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

Threat Level: Known bad

The file https://bafybeig7mxs5e3ond7rnzglxgcrctzlr2uibrvxicray7cieg5fpvngjo4.ipfs.dweb.link/ddoonnvpl.html#[email protected] was found to be: Known bad.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: [email protected]

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2023-05-17 09:20

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Analysis: behavioral1

Detonation Overview

Submitted 2023-05-17 09:20
Reported 2023-05-17 09:21
Platform win10v2004-20230220-en
Max time kernel 45s
Max time network 48s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" https://bafybeig7mxs5e3ond7rnzglxgcrctzlr2uibrvxicray7cieg5fpvngjo4.ipfs.dweb.link/ddoonnvpl.html#[email protected]

Signatures

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 1704 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1704 wrote to memory of 316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1704 wrote to memory of 224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1704 wrote to memory of 4560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://bafybeig7mxs5e3ond7rnzglxgcrctzlr2uibrvxicray7cieg5fpvngjo4.ipfs.dweb.link/ddoonnvpl.html#[email protected]

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://bafybeig7mxs5e3ond7rnzglxgcrctzlr2uibrvxicray7cieg5fpvngjo4.ipfs.dweb.link/ddoonnvpl.html#[email protected]

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.0.721444818\540626723" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7406e82-f4f8-43d5-a543-340689ad39ac} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 1916 174b63fcc58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.1.1479228816\391343148" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c1324a5-b9dc-47d5-bfed-7b5fcd800f9d} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 2424 174a9577e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.2.849751106\1204071053" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 3052 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b87769a-0e0e-4aa3-92f2-07a17975ceb1} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 2936 174ba1fbb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.3.291193630\1902996905" -childID 2 -isForBrowser -prefsHandle 4012 -prefMapHandle 4008 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac974729-d1f5-446a-9645-8bc89fe38a08} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 4024 174ba832e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.4.802571807\1184923392" -childID 3 -isForBrowser -prefsHandle 4920 -prefMapHandle 4908 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3390f8c0-db28-4320-8bda-9ab655a0a01b} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 4928 174bd110d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.5.1974045527\1878639090" -childID 4 -isForBrowser -prefsHandle 5032 -prefMapHandle 5040 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e02d0270-bdd4-4417-8497-be975d0eea4e} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 4932 174bd47b858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.6.955623179\1302900830" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df0222f7-3507-4571-bb24-63ecc6117f1d} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 5080 174bd47eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1704.7.1687998393\1006881932" -childID 6 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d14ec47-db94-43ee-a5a3-de6ca26230ff} 1704 "\\.\pipe\gecko-crash-server-pipe.1704" 3020 174bc8cfe58 tab

Network

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
