Malware Analysis Report

2025-04-14 02:38

Sample ID 240601-t4rafahd96
Target https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 16:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 16:36

Reported

2024-06-03 08:03

Platform

win10-20240404-en

Max time kernel

1513s

Max time network

1608s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4388 wrote to memory of 3164 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3164 wrote to memory of 620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.0.1302320106\83026332" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75c399b5-22ee-4036-9a85-c4a8f61d6a8d} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 1792 1de4b9d3858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.1.600790146\29716925" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63ef30df-5293-43b0-956d-3baeaedefbb8} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 2168 1de4b8e6058 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.2.151615716\149195525" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b8baf09-7941-4a33-99cc-b2c5ee46e7d3} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 2824 1de4f9d5e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.3.1133780431\1987431678" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1726f6dc-69cb-498e-a5fd-63ec87c464f3} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 3472 1de50aea458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.4.817719823\1722382706" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5b299e5-1f64-433b-8396-50a2956f3b8f} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4972 1de51d5b958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.5.736213381\851940088" -childID 4 -isForBrowser -prefsHandle 4292 -prefMapHandle 4844 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {322adff0-2106-47a7-8b7d-a502ef82235f} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4868 1de51d59258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.6.1511929968\1859852199" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1121e87a-1c45-4627-9cce-7681a206fc26} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 5232 1de51d59858 tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:49765 tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 44.230.111.112:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
N/A 127.0.0.1:49772 tcp
US 8.8.8.8:53 112.111.230.44.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 79.121.18.2.in-addr.arpa udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 233.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.166.253.131:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 131.253.166.35.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\88a9257b-43dc-40c7-91b6-30c07ad4d02f

MD5 8577aff8e58f2ae81dc84d5f5b04ff18
SHA1 535306610d591bd77e2d91853a26967607b85bd8
SHA256 2c6e4caa4d358390f8f079d8b19a3f8265e607e9f572f09915e5c6c110a38510
SHA512 737d3e2ca2f9040692c816657089b23046a695571a380b15dde623c7a156d2de85d215f8abb71ee403f643a372583fb5d8e13992b8a4b797d23e704b413707a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\21da55c8-f8e8-4995-960b-b6e3938d421e

MD5 ed1ad214f15eb12d9bbf87d97287379f
SHA1 5bfd4e6037537e1fd06ac777937387b42cf85e0d
SHA256 57c5639c02e35012b163d68c570a58e94de657a18b5cf641745378a7a7965ddf
SHA512 dcb79fb1694c9bacc65dd8383440ceb16f9f9aa4afe01dd2b765815c0cfcb812e91faeae9bebe5f26247e477435f04462f34e38061bc2f2331d5be8e7a79d205

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

MD5 d3a74e05c31d89878c8150283b56b5eb
SHA1 18d19658cdcdda08df29c758025d4e3d1eb6ec94
SHA256 0bd22a45b8ffaf4fbce73d45413877be182efbc5f2286767b9fa3231c1003fc7
SHA512 f6e51d6d50db5a254a83554ee51da02ce052dff0227b0dbf541c45248b2d4e66c7dcf71ec48d6cfd4969bff8180e8cba882e21245abc0b304c029240c0936f68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 a4627d94b477e3f653435fcf27e2663d
SHA1 d5dc31c0165277e469d92453c556786995e2800d
SHA256 7c1ea6cee0386d6af3cb7523167c2b880592657ceacc4e56edbc2394575c5c69
SHA512 7619d8f8f790c6b47faa75eb3f834640fe6ab684209f2eeb6eff26017c7ebb44972018463bb15d0e7955bed5bde4ebff809754b3c2057d7749bafe82dbe48455

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 25f2fde436fbe2d3c50b23b6dfc211ca
SHA1 fb48bca66d7ac6271c365ffa3ac913664529acae
SHA256 a9aba6aa1be260762fef09cbf85bae4e0ed5ed80dc01a678e9dfcbfc96e8f2d0
SHA512 d10d735e285801cfaf81f8a4d972054b8f87d9568cec293d767aa0f3b4cf019504d88a4e7adfd4f04a385aecc81b3a8febbf1f76380221c05e03a1ea11707052

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c99320c642ef87c1b23e4705b9037af4
SHA1 8b35d555c3b92268f295b13a3b804713a20df511
SHA256 c7a31494cfa2ba39f5a4700683524990adefd7911a99ea61a36246e867800825
SHA512 b095f2ab365a52590ce51c6b64cf534a63aac32d2ca8ac5a6511227c65abfd4ada2c75bcd226416ee6adee04f3fa3b3300352ff92489b4e45e841bd5b5b6874e

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 5e6168c9b97bea4e1a5a8119a6734b02
SHA1 3ed7ea3b048557ea3d2b28d06f2feae9f2a9134b
SHA256 398597e3671c8c754ae91667236b305adc1bef2e0fd249765eb6b2688c5d1c76
SHA512 0a008a3dc6e2a6c78eaea4ac1ea0da4866730eb41110d64a2393a2191470340d1a6d2888203e096c0a09bc478597f77c488e1890931ddbd4a0293e42fc4f940a

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 3fba2d80c9ab293ebc3f56e9cfb699f8
SHA1 fe0085b1c740ce6831bbfe2ee4a2dbab356a4cf1
SHA256 4008a624d348ed1fc6ece3595ea0b567cce1ad25c4d890baa474aefa263b51a9
SHA512 3deb00e13e6777b65f84d304444f01145313716623bc9565849ff4cbc9473457eb20c8d0cc0424f2b8316c0e4c57136ab6505929ea7814db665b6ef685e865a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 26d59d6ea01c0d5b89a2f397aa7805df
SHA1 57791d140717dd725659cc5edfd4abb9308d5cac
SHA256 4cb12dd12a9b53e194abe33bd1eb39bca066d22aea5f8da6b8fbabaa3f2df1fd
SHA512 c4266f370e47b1aab0a537dc3f8f1e0fa5467a9ee5ce91cfcf32cdec5b8b65eda25345a05a1da5c0ef04387114ff5b991d07dba9872b8244553e10fa5cb50f15

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\addonStartup.json.lz4

MD5 c50432940b22108ca8696728f0576492
SHA1 7231e99b36152013757d372cff7f0699bb63ced7
SHA256 45d9643f0c530e4190136f7bb1a59b8c39042a79503217d31c292bca4b64a595
SHA512 2cdaad9d449605c4d394efd089149ae5681494aad3376b833825d56df8c661b43b0caaf7edee87868552e41f4dc01d6bef0f5a89abcaba4a57a9ce16def320a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\targeting.snapshot.json

MD5 d765fe679d18dd762afb70d0a953a9de
SHA1 0d96e030cff8f6d5a421ac9973a52176248c525a
SHA256 43f5756a48661641638577cb3caf6c13eef607a55c3559a605de5a4bd94c5d91
SHA512 1a6294231ce72f770380f80ae83ec884679e7845587c5ac639f4b6ac5fc82325ca2c557c4d745dc7fef203ca55e4919266dcf3ca527db4545694d2041d14e412

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\bookmarkbackups\bookmarks-2024-06-03_11_ynjabA+xcPNHPZU1gEyrew==.jsonlz4

MD5 bc3030c50bf86982219a2ef0685a4342
SHA1 f5959d9850ba5f1b0e7ac71cfa35550c0dfb6c85
SHA256 5e38cdcb2dda5e8038815eb31f05ec6bf9d4db0718af6443aa4247fb70d888d6
SHA512 7970c02c7a335c3b1ae73f9363fd3282f495ddb8238947af59828eca4c52345e5ed2801e2b766b86d13f1fd784629ea86dba711711cc0760fcd579e11c0dae8b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 36293662d550305465a83ec82b06f1f8
SHA1 6b9002506396b6461869ec8bbf395309fce8362e
SHA256 f55918ba7f0850983c9104b99933fe88763b29a56d16da50fdc9536383b49a84
SHA512 9d5dfe0e30a0b0f01a2b9af80411816eaaf2e1dbfa31c829f3fdd900b47424cefa5f3ef2239c9c1c5e19f8cbf539e9ad95f9ce0fedce7150651e6dd8657bf04c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\25017

MD5 79c9ad3dfcae6dee4c66628d85ec6de5
SHA1 3ca38b4b501eb2a4f9cdf3d7e71ae0f9bf5456b0
SHA256 22e4a0da439257f521af22dfda1997c1418d88c5f73917ee2be3cc425d4690b5
SHA512 b208600d649696fe094f02821269b67f6b15fd03a24766b35bd365fb506b6e54ee5ba10ce023c661195db060920e24fdb3900a583a880586dc540f84c661fa1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 03e360185f65fadb4d456b077ace703a
SHA1 3822b07d99a4e9eaf3159bc95d553ee4690d2d1e
SHA256 cc75f1094f059adda20a55440063e464d8dbdd27e69508b7d6d7e4dd1bfeded9
SHA512 9838bd306674158ef9a69f381eb80199bb0e1da6a90762c18e216b64f32d3a697c8ec62474a62f6e16d1d02dfe54c2ca9681c941f1388663b70231a19911b8e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\11995

MD5 ac374d098ea88db886962938351c7404
SHA1 82cf61d75717b8350af4a825c03df39933e7c940
SHA256 8c65a9419455a59b4c90cfff60e85bc0ad196a1ff537462dc5d845084a2fb218
SHA512 e7d32d95d3a256e376968620bf23a82061e0b186089164f7e8842d765ef6203d35c440c50f3afc0d4577fe5a42ec3e4ea7b9eb36a364f89cdb0416d26b11098c