Analysis Overview
Threat Level: Likely benign
The file https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 10:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 10:05
Reported
2024-05-03 10:08
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.0.2004501129\28636244" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8299ff6e-e566-4363-8786-271856e3a090} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1856 1b03560ad58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.1.1607760302\778467792" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd470b58-17b9-4b48-88fe-148dbbf4797f} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2452 1b021395f58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.2.463522009\731430332" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 2932 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46aee479-7f8d-4919-a2f7-bed213bf6c8e} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3000 1b038537258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.3.1136273078\1133421593" -childID 2 -isForBrowser -prefsHandle 3840 -prefMapHandle 3836 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baf9077d-2cda-4130-802f-aa893880af4b} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3852 1b03a10cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.4.243507073\1209541025" -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5096 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c125d14d-7871-41fd-9387-010b1174da3e} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 5116 1b03be3c658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.5.824497417\1192464205" -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbc8d7a6-9035-4c73-acff-7dedacdd2c92} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 5252 1b03be3cc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.6.444379946\1415634128" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d24bac-07de-46d6-a923-ce946358c917} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 5444 1b03c3f1258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.7.940121466\1840708891" -childID 6 -isForBrowser -prefsHandle 3180 -prefMapHandle 5788 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eff0ef0-9678-4d0b-b87d-8641bae037b6} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 5300 1b03caab658 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:54882 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | action.azurecomm.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | cosmic-eastus-ns-54bf029fbc75.trafficmanager.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 20.85.207.172:443 | cosmic-eastus-ns-54bf029fbc75.trafficmanager.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | cosmic-eastus-ns-54bf029fbc75.trafficmanager.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 44.233.67.78:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 172.207.85.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.67.233.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | techcommunity.microsoft.com | udp |
| N/A | 127.0.0.1:54888 | | tcp |
| BE | 104.68.75.132:443 | techcommunity.microsoft.com | tcp |
| US | 8.8.8.8:53 | e8318.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8318.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.75.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | assets.onestore.ms | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 2.16.43.238:443 | static2.sharepointonline.com | tcp |
| NL | 2.16.43.238:443 | static2.sharepointonline.com | tcp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | e13287.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.fb-t-msedge.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| NL | 88.221.70.210:443 | assets.onestore.ms | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | e13287.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cs22.wpc.v0cdn.net | udp |
| US | 8.8.8.8:53 | e10583.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | cs22.wpc.v0cdn.net | udp |
| US | 8.8.8.8:53 | e10583.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.43.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.70.221.88.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 184.30.250.70:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | e13678.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13678.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 70.250.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.27:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.27:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdwus21.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus21.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |
| US | 184.30.249.239:80 | e11290.dspg.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdfrc01.francecentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdfrc01.francecentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 20.114.190.119:443 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus18.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 20.114.190.119:443 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 20.114.190.119:443 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | techcommunity.microsoft.com | udp |
| BE | 104.68.75.132:443 | techcommunity.microsoft.com | tcp |
| US | 8.8.8.8:53 | e8318.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8318.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.techcommunity.microsoft.com | udp |
| US | 13.107.253.64:443 | cdn.techcommunity.microsoft.com | tcp |
| US | 8.8.8.8:53 | part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.fb-t-msedge.net | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 69807f635cd8284432f51404acd64d06 |
| SHA1 | 60998c52476d63b05d0199b026a28fd92aa67a25 |
| SHA256 | 9586e7743c4b51a39bea20f2f9b1fe68c40785a3e22d00670089e36ab4ec9f16 |
| SHA512 | b57b6842247eab566c708acc63a8dbb7c95e4930f175bd8e9c7adb5f679d775d0f4c4da81b9fa244bacc813a5738a2a7777ea7c6d9647ba030dd609f241a7c04 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | dac66269cc79561fb2d85cc85f678be6 |
| SHA1 | 636c1c32c6b63df69b37e3da4c3d48c688262eaa |
| SHA256 | 45bb93567bc4ff755127c21cdb0d90400fc4e4504c3eba66cbc18de55298fd4d |
| SHA512 | 1431116d73a7455f42ffae4ecfef55cda395658488f64827fda24e6fdf3da047b8cccb4830e46b91c8f681d569b9b0e0a336a49fa515f109d1fa4826d1fc4e8c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs.js
| MD5 | 8027ca8b4256a39db5dfd30687c71884 |
| SHA1 | a050be04afe191149bc90516e8f41af7330a89a3 |
| SHA256 | 0f608056aa69a9eeb331b54ab5cc517987e1ac243dfd9030b6af7ea56fbc1dcf |
| SHA512 | 4a6c6b63f81623909b02885046b50dbdc8b4706be21d893bafddc3ec0ba10e01720136c3af493962d11cd67e521b05b61be80510bc8fdd0840aa9af88c0cccc0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a05ca07d19b82c75ab5f59a03fa1e18d |
| SHA1 | 0c1852928516ce145935fb5f26f39d2d70912187 |
| SHA256 | a15ef01d75c1c47457d84aff0514851434a208a1e852120be59bd2320d4486d5 |
| SHA512 | 26f5e3c7441b84257480ed48e76583c787f6ba7eb9819893b652fa2fff09d3ae5c0479c81d5075bfcc8d324b837b94516fe7ffa33a3e920daa508f24a9b6fea3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
| MD5 | 27d79b9d9b796f8995ff1f6f2e7b4781 |
| SHA1 | 2ca4f92b416b962590340bd0c9e77a5a4799f949 |
| SHA256 | 6d55a1c2cd14b24f730a6cea22a2fc886944a7e9f8a23589a99789079fd018d1 |
| SHA512 | 7b3dd2fa8d1178c088ff7ecd8a258416772a4d0f9f99c2781c9df39e068eaa71daeba7609d1f783b07e936e10281992f79288066c72659fe344d7125cc308592 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs-1.js
| MD5 | c8679d26c59f392c77f78c1ced094b17 |
| SHA1 | 528ed2d82de2e36175a4a628e18e5caf19159c25 |
| SHA256 | a7d601297f2142fd1a3b0f45819c1320cd940a4fb2c808a932812b0f7b95e362 |
| SHA512 | daf54b63cc3986a95c0481eba6bf4cec73a4136b56689576de9ad9a30ba16e3b2c9c10438b2a318b2c587492731364239c5a7b3336e861c777cf312d21779694 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs-1.js
| MD5 | f56c436c934e2c7ca0b3013d6d5c8b85 |
| SHA1 | c5de16e093a2a799cc5d29db301a913e873448c0 |
| SHA256 | 73080b912e41c5f4fc04e8392c70a8fea2d542fee8b52620c347c085f10635eb |
| SHA512 | ad3e4a323ea30c61594e3ee066468cea8f8d4b5f07e0cf42af4a262f60ed5a836c009f18d2e6f9232dd2247cef95b067e9b6014d83f3320e40f37eb19842a2dc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8f12e56b2abd2e866dd42bd580bf3be1 |
| SHA1 | d4c7858eedf242dd53b381c5878053246320e103 |
| SHA256 | 4b5a58d8579a50274b84c7c1fa4297e0179f38e3a92ee58ac8df8257f5bafb09 |
| SHA512 | 2dd7debdff385a1c1fea694100be07f28539f3ba008cfac70db6a5e3065252d9a870b86ed29c8ce134bc2c32cb223911ec78ecb4922c16e46f4556a75e6bcdf6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9113509ea74a05fe5a4e344e565d3c1c |
| SHA1 | 1fcb638ca0ee5b4c08f1a1439b5b726a161a16e0 |
| SHA256 | 15452124c1a95a208c824ea75d92a62d2752f3f88c7c1cc88b993326da3f840c |
| SHA512 | 93a712c8aae72fd8beba6066af3d4f8c23e972739974f2c3f2078fe7d21d1b2e1071d7cca7d9087d85470dfce8a8f3d9fc16267acbf6cfdb478bf4dcfc502ff9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1d7b8c09c7e52d349a3cbc426a66917e |
| SHA1 | e0922eac60771ac351195968fb58f628e7bda809 |
| SHA256 | 174d421f688ea80d0c0b974f66d3bf9cbd2676bbf0b77a7164330f3b52c14f02 |
| SHA512 | 2a5f8b3b598684c128d5f5b5b3e94474be5095a8403a22c226c654d84bd5cf3c64b8dfc38bf8254b0e21b67638adfeb748c483897a3381e1d73763ec7ac52e63 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-03 10:05
Reported
2024-05-03 10:08
Platform
win11-20240426-en
Max time kernel
134s
Max time network
143s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.0.983477742\1108528204" -parentBuildID 20230214051806 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e036d57-7238-49a9-b69a-26037f65bd63} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 1872 1fe40c0d758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.1.1231260556\734167428" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d89bc99-0a78-48e0-ae15-1f4c8020082d} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 2420 1fe33f95358 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.2.1198187230\1382792217" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {552e8086-bef8-4ffa-8bc4-941cd1f5de87} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 2944 1fe43b32558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.3.1149072864\1549771809" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b21d3e98-05a2-4388-9d0f-55309bcd9afb} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3624 1fe46983958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.4.659894982\1259495913" -childID 3 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ffcb51c-47b6-497a-8b9f-f311a709a44d} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5156 1fe48d44c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.5.1539741130\716523000" -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5348 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e5da1e0-3686-441f-9779-8dff4062ce90} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5360 1fe48d44058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.6.1093049815\1099744957" -childID 5 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {734972db-3152-40ff-89c1-ddb530fe8825} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5304 1fe48d44958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.7.326235664\834812838" -childID 6 -isForBrowser -prefsHandle 5756 -prefMapHandle 5840 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1340 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {835fa5e7-66a0-428a-afbc-96eafa8bd7c2} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5852 1fe494d4058 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49742 | | tcp |
| US | 8.8.8.8:53 | action.azurecomm.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 20.85.205.59:443 | action.azurecomm.net | tcp |
| US | 44.239.14.124:443 | shavar.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| BE | 104.68.75.132:443 | e8318.dsca.akamaiedge.net | tcp |
| N/A | 127.0.0.1:49750 | | tcp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| NL | 2.16.43.238:443 | static2.sharepointonline.com | tcp |
| NL | 2.16.43.238:443 | static2.sharepointonline.com | tcp |
| US | 13.107.246.64:443 | part-0036.t-0009.t-msedge.net | tcp |
| US | 13.107.253.64:443 | part-0036.t-0009.fb-t-msedge.net | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| NL | 88.221.70.210:443 | assets.onestore.ms | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 184.30.250.70:443 | e13678.dscg.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | tcp |
| US | 20.42.65.89:443 | onedscolprdeus11.eastus.cloudapp.azure.com | tcp |
| US | 20.42.65.89:443 | onedscolprdeus11.eastus.cloudapp.azure.com | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| NL | 2.18.121.79:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| BE | 104.68.75.132:443 | e8318.dsca.akamaiedge.net | tcp |
| US | 13.107.246.64:443 | part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 20.114.190.119:443 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | tcp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3b1psp2h.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 654e055536946c00060a9e7bba260b50 |
| SHA1 | f464ae47f000113aa541c8106bd6736f61c687d2 |
| SHA256 | 270f99870199c22975ac9a14b6122e50a3b744fb09cbd0a1de08d1056c3d6527 |
| SHA512 | c8db6058827040e6ca9fd3aada328a4c8294d3eeb780d5bba65e45176418f9603f476703ec8f33cb14cbec57150094b153349301f1e4b6ee848a7c3f49c7a011 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3b1psp2h.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | cb05d8dd76b3e7852ffa5d70838f8aa5 |
| SHA1 | e5ee1ff239b63dc9a8674277ffc1a42df6baf696 |
| SHA256 | 9306a4fffd936b35ef89b94fce813c81e0d5ed65632485fd025eb0ecaf22fc35 |
| SHA512 | 4c9ccfefbcb8e0a6c51a2f693eb189cce4d87532f47416b8e866f8afd4d89f3326e6f8d0a780bb6447a6f9feda03fced647e40e42ae229c6ed34b5e30d53fef8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0470591c6d0f84cd07a3b4abcaca75d7 |
| SHA1 | 5e0b1207d4a5baf558d549983caebaf0d182c9e7 |
| SHA256 | a26654b51729f7e53d8548cb3a45ef72618cb851a5a01b6f2ff36a7c6378358f |
| SHA512 | c7c5098a1cf9e2f67c0389224b9f8d6120ef524e83206f691eaa6cb23491281279de1a03e9afc08a7174cc6bf44a83959d032e3534b2bc4a0294c7b4dd851677 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3b1psp2h.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
| MD5 | 6b7d8ed1d053e1f115a8c901d4d2ea58 |
| SHA1 | 9baa36e2c8f311d55cfd6e751513dbb11df7712f |
| SHA256 | 22b4c7352b4e30a04d12f330a195243dc78557d5877435521341dc0edc611133 |
| SHA512 | 1e10a2cfcc6d1154661bfc2622bb2503f74cc0dbca4564b1858fbc709ae14ef01c9939bed5799be850adbb5c3b7311fc36db36a2090274552016a9a835ecb3d4 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs-1.js
| MD5 | d22d41da8e5278c872a6ee80715c999c |
| SHA1 | ceaf164e6389c6dd7201b08ebb3b67421a10ce78 |
| SHA256 | 032c166bfba94810689b92d5d2bfe25de4ad5a203aa743d088ae3ca58e41dd30 |
| SHA512 | a45bd06df86bb5441fff2c1bd69a35e2f2358103fd0d707aeebfd592e1211bae713f984fa7ee4fe9e2e92150ee8ab4a9446bdf48dc4ce5b6688d417bc57999ea |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs.js
| MD5 | 89d53dfe9d246b17fa6649a1cd6e3949 |
| SHA1 | 8f5c77c5d1af26503a0e0df93941171e61e09627 |
| SHA256 | c2841837df2583bfa47139a789dff6ad1580977a531e7e8b6602f4a6498902fc |
| SHA512 | 8113d8fa8c149a84a4cb6dd363510a966b79f4d90e08fc0a4b9970dd863312c8b4656b394acebb4c345188ffacd616b1cb665428a745682d3e4b48d89293667d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1332229e4092af1594f0ea3a03141bee |
| SHA1 | c4a24fda0a0569eaee90c85b1b90ee5a764de601 |
| SHA256 | e08d8fe805d3ca0e471d15d421442a000ce276942f6260e3ebc438ee46bff585 |
| SHA512 | 2b21923f92964b5bb2fd815dd5aaf948ffcea1be6486b2f2da374e2fa5c58acbbd68804017e7899dc8b5051cb6e6420db792556e544fa779c9e4b3a1a014807c |