Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://u.to/lz6rIA was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks memory information
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Checks CPU information
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 01:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 01:51
Reported
2024-06-17 01:55
Platform
win10-20240611-en
Max time kernel
149s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630627718941894" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/lz6rIA
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb8cb9758,0x7ffcb8cb9768,0x7ffcb8cb9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 --field-trial-handle=1824,i,3647350202023825071,4759402460129864043,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | u.to | udp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 216.58.206.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 155.243.216.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.206.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 195.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.79.70.13.in-addr.arpa | udp |
Files
\??\pipe\crashpad_32_HGWUPTDHRPXIMQDP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 98044294b0590ea49ed7f9fd72fe5e78 |
| SHA1 | 712aee53a002d89fc42f07d67521cc8b53ca6feb |
| SHA256 | 7cba0499c39d3e7501555957a388886589394ac49c232a94c39b8f60cb97f315 |
| SHA512 | 89f0e4c29dda8eeda0f57f15ab392848fff8fefb2a5ec9e88f10ff6ff074b5053ba2837badda58f29f608e3ab39cf1cf33781ca2689f2d7bf6ed4ca3aafb1988 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e95cad0cc1fed9960211ca4dc44992c6 |
| SHA1 | af9f5bc5dd2f352f37b8e229ba35914e0d9b5af9 |
| SHA256 | ed1b7fdd1abae40a0089ac30e1bba37e6122cdeb77614a1bae35b8190a004aa3 |
| SHA512 | e28a0bc5762cbceaeb7357d21409ca606d5d48a7443726037aaff0c6f79075ba4578c2a050afeb89fab1f120e45445bd1eaebd0d005632e67d9fc20da403a33f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0489a8e878fad6cc7b9f765d0f5bad4c |
| SHA1 | cff7fe08ca8994d49972cfeb66cb67b924b813e1 |
| SHA256 | 55cc9f823e7fe74746a8f3b2df0e430b4483be952da8fb734c73503bc2d2d85b |
| SHA512 | 0d28d91f4f957eb2242f1248df3b07180be2c0f367b49ed75ae4973cfeda8d58cb7596963e28556c1d6e3b8ed6b68e154a07a8a115c60ed50f2212b74036e4a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a15da14e66386c9c599275b27aa4c9e |
| SHA1 | a1520a5f0cf8ca2d38ff073d9842e98ad177069e |
| SHA256 | a284953d92847bd399a222e291a488682e3759946b9d2743cff8c25642c64467 |
| SHA512 | 5c85d31fdf3dd0de7b781639369bd895c0b66d1d0c5bf15e63005cde78e566fafef7add0e821a00a7ba62a589d7e652f6f3ea0d71c030c7de450610e373321d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 73cf87fc8a85939b87c7b900c3aa277f |
| SHA1 | 91d05b34effff61b5e7726df7db4366331a917c7 |
| SHA256 | e175898934ed1a2e66170fd243a746371b55afcd5edf628d8e7547508529c960 |
| SHA512 | ebc4a83e8bbc480c2cb4b70b01d497057f18bfda753c4c2239dda3302bf0c2f61ca9ac617920936c77a6983070c4bcb0fe1b37b3a034009d1df7ee3502a96a02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dcc4223c9764f0254eb9ce83394e4e6a |
| SHA1 | 79ef5d65f26a0354daf558e6b688acc43c246dc7 |
| SHA256 | 9508bad05b6b2b8de144a31231a8a15a35492c14a103adb26a0f9da5fdfc4cac |
| SHA512 | 90091a0029fff94cfd6e660156b89e8fdb75aacb4a7208c14dbe013dee675c1a92b5d69a8fb80d489c6cfc291ca0ef97a8b137bc7b37221928d3a362caa029d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d8c100a142f38cac87ddeb1a71ab3e1c |
| SHA1 | 3386b83b1cff504e9c39d7180bef782aa611bc01 |
| SHA256 | 9fffdf02496cde1bd4cb3e4835912eb938d8b015e3e6feed1a458d093265d19d |
| SHA512 | b29531ccd5a0c1ec285875bbc126db68cbbf04bf94ac37abd526044decf15253c8d3ccc601303eeed60f1921b0cd7a6bb3b0455c5038cab1c19e4030a99e5658 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 872d5f704800be2fa9f9317b98bf5972 |
| SHA1 | b8de6c17988b0c04368d32df32cb30e49aff79e8 |
| SHA256 | d9455bc526d1d770ccfa4e95c6d443c13bf56f2c9c3776b321301b79cd795fbd |
| SHA512 | 100d2423b76ec29fcf9b3dd9a9cd985aae6012bfe5f651eefdd424cd30e19f43582e04c5916d2d21dc9622b901e0aff9eb2ad87c25dce417810883e5a33bfb35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b090126f73db15446dd8998cd0e7fe61 |
| SHA1 | 8f2ca9cf94fab0d8954a68e1c352582d2a6807f2 |
| SHA256 | aab12d81f84e96306e7327436b400762bfecb4e8641190950f04fd36804e4a0a |
| SHA512 | bd86390d5941f60e7e084fda002b6b7380f1d7cdb849bec5eb8f7175c5abe5d48f2f8f322341028a59f2cf31ba7f0a82919cfedc0a0aaaee70fba12b429a4138 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8449646c1aa44972dc2e91ca4dd25831 |
| SHA1 | d6bd17f45ce9b10163e873b31804fdb6e5f4f743 |
| SHA256 | aff45b7cf83a27bc196c9db07d8eca986ffa648c032db6be2694b992292a41a4 |
| SHA512 | 01d35e39e3bd4865df4ee3a7651aea068ff4d41eebf3529f6d357d33a7483ac418eb7c377b9f6e47f322a06f1a410f1d3bd5b66f1574357a67cdcc7708cb557c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4ebde5b97a639272d405fd790540f427 |
| SHA1 | 754f7e67bdddaba673af50307e448a5a8aa0d02e |
| SHA256 | ee270c3c35737f64d65daf950969fa2490436b1c9de6547e22f3755db21015dc |
| SHA512 | a07e9ffdf6118222250723109d9e8468fe5c55b5eebb08060fbe20d94cc762c1fdb51ec1a5824ae0a92565e0c398334c9f028b087dbaf01fbfd6dc0602fccc24 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 01:51
Reported
2024-06-17 01:55
Platform
win11-20240611-en
Max time kernel
149s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630627668630181" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/lz6rIA
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95a92ab58,0x7ff95a92ab68,0x7ff95a92ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | u.to | udp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| DE | 142.250.184.234:443 | content-autofill.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | udp |
Files
\??\pipe\crashpad_4732_MZZRXTAOOTJKSWVY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 01f262842fc0344a96a06897bcffb6aa |
| SHA1 | 2ce367e19d80511e4125358db233cd34360e3532 |
| SHA256 | 85523222397d6ae828aaaf290b09ca9cd4f9ad3e1c9f675c2063d4040d9f14f7 |
| SHA512 | 210d19094ac3b97db40f698990eec786a2ce2afdb2e58b88bcffe220ff13e3e17937bad68e7fce07b8fc662470fa3c480d4afb994c12d352409106a9ee4f1509 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a477e7021c2e12c34b74b9a53afff02a |
| SHA1 | 3434727d30b0f0e98c62b36d2f4967529f4e44f4 |
| SHA256 | d2366801a9bad9a21a2b15aeba6c6f3908503b0dc3490d603041a96e3834c99d |
| SHA512 | 413e23f78b4c352c49bec0b27fa2c73abcca64f8d6f2a00383fb73a8d88f840215f30006c6e85330580aa7abaa27698380fef4a8cfb9f3e582c416e31c8ed39d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 26e2e955833854df92d09268e998b415 |
| SHA1 | bd83642874e325a78830675daf151d49ed0f5bcb |
| SHA256 | 589225cabf4cf5b3b6fdfa39cf1f7cea2c627b9ff8e6e78ff3835fcf28d35692 |
| SHA512 | 792b9a5c7100a176ac1465cf97d6b419875918f347c63b79c388882f8c26c4ec92a6c397a60985cbd961c6dcfbe105cf7e900507c141704835225bd7b6f0f057 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10c4010f19e1eaad07035a3c4ea0eb2c |
| SHA1 | 6aa1f7b7cd4a9d4b9c2a2a98dd78c8f45bc2d948 |
| SHA256 | e0f27b46e31fcd0150a35bb76755f2580c828c2fb48475bd1d21bcb51a55548b |
| SHA512 | 5276ae35bd8d624a1012cbb144f256595c5c69cc62ab58fa4be99cec79daa3ebc0709dfa01019a5d3b732726594f342f17fa41ce4c801faf750e4618e6473822 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5f3acb3b52397baf6b2cafadf46f0b87 |
| SHA1 | 2ef9a497d8b71cda71a6784ab4645f19f5f7a11b |
| SHA256 | 59b2e4cb6be820b96d9085e863b5b81a8bd65c3f671d6ff92144c17393b9d7f2 |
| SHA512 | 92d667b0ae0449c3f028d9b18529107fb73b97b88a25c47d01cffbc73d32d5719801057b4e08c4944fa7938c837d85c2851b4d36b6fe667dc62c38e3543dad66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7b44312d97cab0cd5b7e7f99e2179528 |
| SHA1 | 677b15588c457fe968da8815c5d0c03ced0074e3 |
| SHA256 | 0bc6050f39ff645e8159e81cbd26aac0128b16d2b4bc3e0009c653980bc95a47 |
| SHA512 | 63e9c1e8a1ac81965a9243334f64b12970f02ba7e1506b167dbeaa171adee12e11909d7724b00c01400375a1144141fab479491f13038b46c101413179ae0fc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 17cc7f25e443cbd9f4bf2727c606be14 |
| SHA1 | d0960884a1b482c8ef95de0cf06fed0dc8c3c279 |
| SHA256 | 340b9ff1fc57867e94126fd30903e2fff5178bdfdb3cffd709d8003dd6a8471f |
| SHA512 | 312184f5c66d411fc09623a48fe442b6335773523f24a7bd092245e9da2eb7734801828d270fbe66e0f1fa068718a1894d5f0a948963518bbf5ba34ce4a0bf5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 75270e77244769a6563f88c1a480cb2c |
| SHA1 | 67d777c1b8aaf26612bdadf2e6b104c0c1554ec5 |
| SHA256 | c9bbd1f08e58ee7995f403b4e2a1bf795cf8a242bc25593122b56c4485af13b4 |
| SHA512 | e0ae9eb8f06b91fb7c154be8f9a5075418e641f6ecdf7781c241f46bdc1c88d293b0f1992843ad594b12f351f4ad473b501c10eab045c66a9ade80bcdcbfab4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4f212ac00aa566a6d268ed7ca527faa3 |
| SHA1 | 154303a222d0f7039371edeac105f0e099ea3032 |
| SHA256 | 6d91ed9a23e299eac15c371fb70fb419e00af442185c657c034581a2d3f6b919 |
| SHA512 | 7bfd02b402c7ed5f0d39dc4e3e9122d480e77bd9ba4dda0b1b3152aedfa0499904173f37c3936342b8693183b02294d60f43b1814dcf9b3f4b179e039c9e6a35 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 01:51
Reported
2024-06-17 01:56
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
167s
Max time network
177s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | udp | |
| GB | 172.217.169.68:443 | udp | |
| BE | 142.251.168.188:5228 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.234:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| GB | 216.58.212.227:443 | tcp | |
| US | 1.1.1.1:53 | u.to | udp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | gmscompliance-pa.googleapis.com | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 1.1.1.1:53 | counter.yadro.ru | udp |
| US | 1.1.1.1:53 | mc.yandex.ru | udp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 1.1.1.1:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 172.217.169.68:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 172.217.169.68:443 | tcp | |
| GB | 172.217.169.68:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.212.202:443 | gmscompliance-pa.googleapis.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.201.106:443 | remoteprovisioning.googleapis.com | tcp |
| GB | 142.250.179.238:443 | translate.google.com | tcp |
| GB | 142.250.200.42:443 | remoteprovisioning.googleapis.com | udp |
| GB | 216.58.204.67:443 | udp | |
| GB | 142.250.179.238:443 | udp | |
| GB | 216.58.201.100:443 | udp | |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| GB | 216.58.201.106:443 | remoteprovisioning.googleapis.com | udp |
| GB | 216.58.201.100:443 | udp | |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
Files
files/dom-0.html
| MD5 | 62285ebce0c376155d0ec48bade9ffef |
| SHA1 | f82b324cb40410bda124a819d81ec54007652ee6 |
| SHA256 | a0938c9251945862b8f4a151277ecb13d4ed311a18cc6d4c594e807f6f8d009d |
| SHA512 | 8508e7786ce90da61909a5272ed036a8b9b34e69499066895470e76b93fc30e57856695852b71e3be9798655bb494dbd3bbfd958341d77a25d2502674a173af5 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 01:51
Reported
2024-06-17 01:55
Platform
ubuntu2404-amd64-20240523-en
Max time network
147s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | u.to | udp |
| US | 8.8.8.8:53 | u.to | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | example.org | udp |
| BE | 2.17.107.153:80 | r11.o.lencr.org | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| BE | 2.17.107.186:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | foundation.mozilla.org | udp |
| US | 8.8.8.8:53 | foundation.mozilla.org | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 34.120.208.123:443 | incoming.telemetry.mozilla.org | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | e11847.a.akamaiedge.net | udp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | bbc.map.fastly.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | www.independent.co.uk | udp |
| US | 8.8.8.8:53 | www.independent.co.uk | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | hearst-hdm.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.hellofresh.co.uk | udp |
| US | 8.8.8.8:53 | www.hellofresh.co.uk | udp |
| US | 8.8.8.8:53 | lifehacker.com | udp |
| US | 8.8.8.8:53 | lifehacker.com | udp |
| US | 8.8.8.8:53 | forms.bootshearingcare.com | udp |
| US | 8.8.8.8:53 | forms.bootshearingcare.com | udp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | www.theatlantic.com | udp |
| US | 8.8.8.8:53 | www.theatlantic.com | udp |
| US | 8.8.8.8:53 | www.thecut.com | udp |
| US | 8.8.8.8:53 | www.thecut.com | udp |
| US | 8.8.8.8:53 | na-eu.atlanticmedia.map.fastly.net | udp |
| US | 8.8.8.8:53 | vmtls-np.map.fastly.net | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | slate.com | udp |
| US | 1.1.1.1:53 | slate.com | udp |
| US | 1.1.1.1:53 | inews.co.uk | udp |
| US | 1.1.1.1:53 | inews.co.uk | udp |
| US | 1.1.1.1:53 | www.spectator.co.uk | udp |
| US | 1.1.1.1:53 | www.spectator.co.uk | udp |
| US | 1.1.1.1:53 | www.harpersbazaar.com | udp |
| US | 1.1.1.1:53 | www.harpersbazaar.com | udp |
| US | 1.1.1.1:53 | hearst-hdm.map.fastly.net | udp |
| US | 1.1.1.1:53 | www.wired.com | udp |
| US | 1.1.1.1:53 | www.wired.com | udp |
| US | 1.1.1.1:53 | www.businessinsider.com | udp |
| US | 1.1.1.1:53 | www.businessinsider.com | udp |
| US | 1.1.1.1:53 | h2.condenast.map.fastly.net | udp |
| US | 1.1.1.1:53 | f.shared.global.fastly.net | udp |
| US | 1.1.1.1:53 | www.romper.com | udp |
| US | 1.1.1.1:53 | www.romper.com | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.105:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| GB | 13.224.132.43:443 | addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |