Analysis Overview
SHA256
b46875a8a1001af973be5f2b9f8ea9eccc3c87fa8cc85d8a2b4e7b93bdb79dd4
Threat Level: Known bad
The file incognito.exe was found to be: Known bad.
Malicious Activity Summary
DCRat payload
Dcrat family
UAC bypass
DcRat
Process spawned unexpected child process
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
System policy modification
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Scheduled Task/Job: Scheduled Task
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-18 17:48
Signatures
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Dcrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 17:48
Reported
2024-06-18 17:57
Platform
win10v2004-20240226-en
Max time kernel
502s
Max time network
516s
Command Line
Signatures
DcRat
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\odt\csrss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\odt\csrss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\odt\csrss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\incognito.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\odt\csrss.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| N/A | N/A | C:\odt\csrss.exe | N/A |
| N/A | N/A | C:\odt\WaaSMedicAgent.exe | N/A |
| N/A | N/A | C:\MemZ.exe | N/A |
| N/A | N/A | C:\Recovery\WindowsRE\msedge.exe | N/A |
| N/A | N/A | C:\odt\csrss.exe | N/A |
| N/A | N/A | C:\Recovery\WindowsRE\SearchApp.exe | N/A |
| N/A | N/A | C:\browserreviewSavesruntimecommon\WmiPrvSE.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\odt\csrss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\odt\csrss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | yandex.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office 15\ClientX64\0fc223bdacedc3 | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Program Files\Windows Media Player\ja-JP\sppsvc.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\ja-JP\sppsvc.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Program Files\Windows Media Player\ja-JP\0a1fd5f707cd16 | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Program Files\Microsoft Office 15\ClientX64\firefox.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\INF\RemoteAccess\0409\firefox.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\INF\RemoteAccess\0409\0fc223bdacedc3 | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\IME\it-IT\firefox.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\IME\it-IT\0fc223bdacedc3 | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\Microsoft.NET\authman\cc11b995f2a76d | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\DigitalLocker\en-US\e6c9b481da804f | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\CbsTemp\0fc223bdacedc3 | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\Microsoft.NET\authman\winlogon.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\DigitalLocker\en-US\OfficeClickToRun.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| File created | C:\Windows\CbsTemp\firefox.exe | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\incognito.exe | N/A |
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| N/A | N/A | C:\odt\csrss.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\odt\csrss.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\odt\csrss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\odt\csrss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\odt\csrss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\incognito.exe
"C:\Users\Admin\AppData\Local\Temp\incognito.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.0.365293360\1699877566" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1740 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eea9e684-b1c5-4482-bb0f-ebbcdb2255f8} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 1960 1deff3da158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.1.884068069\771665008" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2320 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aab3f08-d377-40be-876e-d28ba37bce86} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 2360 1deee171c58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.2.1618362308\1497542279" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af2878c5-bdd4-4fcb-bdad-cb1ad96274fd} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 3124 1de85eb9f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.3.1931690034\2053601899" -childID 2 -isForBrowser -prefsHandle 1124 -prefMapHandle 2332 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eace958-e6a3-4487-ad5d-666ce36ab569} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 3484 1de847e6f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.4.1285449129\1444583500" -childID 3 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e23cea8-a973-4414-b1ee-68209ac80630} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 4028 1deee162858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.5.550406044\1636961899" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06c1d276-df31-44aa-94eb-6969b8c315ba} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 4988 1de8814cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.6.998155947\324832699" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4952 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27475160-d1b0-460f-a24b-6639b93c982d} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 5016 1de8814d658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.7.205782184\1010555806" -childID 6 -isForBrowser -prefsHandle 5388 -prefMapHandle 5384 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6678549e-3824-497d-9d5d-ccfa815c743d} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 4976 1de85e20058 tab
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\browserreviewSavesruntimecommon\sALjCX2DJ1FjfO.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\browserreviewSavesruntimecommon\jt4LBgBNIUJsIGJZrjCIK93Fg0t.bat" "
C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe
"C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Media Player\ja-JP\sppsvc.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\ja-JP\sppsvc.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Media Player\ja-JP\sppsvc.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "OfficeClickToRunO" /sc MINUTE /mo 7 /tr "'C:\Windows\DigitalLocker\en-US\OfficeClickToRun.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "OfficeClickToRun" /sc ONLOGON /tr "'C:\Windows\DigitalLocker\en-US\OfficeClickToRun.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "OfficeClickToRunO" /sc MINUTE /mo 9 /tr "'C:\Windows\DigitalLocker\en-US\OfficeClickToRun.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\odt\csrss.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\odt\csrss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\odt\csrss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 5 /tr "'C:\browserreviewSavesruntimecommon\WmiPrvSE.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\browserreviewSavesruntimecommon\WmiPrvSE.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\browserreviewSavesruntimecommon\WmiPrvSE.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 11 /tr "'C:\Windows\CbsTemp\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Windows\CbsTemp\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 12 /tr "'C:\Windows\CbsTemp\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WaaSMedicAgentW" /sc MINUTE /mo 13 /tr "'C:\odt\WaaSMedicAgent.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WaaSMedicAgent" /sc ONLOGON /tr "'C:\odt\WaaSMedicAgent.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WaaSMedicAgentW" /sc MINUTE /mo 5 /tr "'C:\odt\WaaSMedicAgent.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 13 /tr "'C:\Windows\INF\RemoteAccess\0409\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Windows\INF\RemoteAccess\0409\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 13 /tr "'C:\Windows\INF\RemoteAccess\0409\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 13 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 11 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 10 /tr "'C:\Recovery\WindowsRE\SearchApp.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "SearchApp" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\SearchApp.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\SearchApp.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 7 /tr "'C:\Windows\IME\it-IT\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Windows\IME\it-IT\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 11 /tr "'C:\Windows\IME\it-IT\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 9 /tr "'C:\Windows\Microsoft.NET\authman\winlogon.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Windows\Microsoft.NET\authman\winlogon.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 14 /tr "'C:\Windows\Microsoft.NET\authman\winlogon.exe'" /rl HIGHEST /f
C:\odt\csrss.exe
"C:\odt\csrss.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.8.198520447\192423284" -childID 7 -isForBrowser -prefsHandle 6164 -prefMapHandle 4752 -prefsLen 29528 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca4895e6-0124-4f0a-93f7-0454e2322d42} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 6216 1de8cad1c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.9.1585205039\164333984" -childID 8 -isForBrowser -prefsHandle 5976 -prefMapHandle 5972 -prefsLen 29703 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e220a847-eedb-45bf-990b-ceffea69e031} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 5928 1de8b58a658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.10.1838457343\1826175963" -childID 9 -isForBrowser -prefsHandle 5132 -prefMapHandle 4968 -prefsLen 29703 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c4fac0c-4399-4203-90a1-747ac798ea7f} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 4172 1de88d95958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.11.1436976277\1463246256" -childID 10 -isForBrowser -prefsHandle 9300 -prefMapHandle 9256 -prefsLen 29703 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae0cca07-5407-4990-9366-f2cf002f7282} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 9396 1de8b0e9858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.12.1432644826\61961056" -parentBuildID 20221007134813 -prefsHandle 10512 -prefMapHandle 10516 -prefsLen 29703 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe9f99fc-5bfe-4e13-bbbc-738a541ea711} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 10532 1de87deb858 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.13.1708969053\993551704" -childID 11 -isForBrowser -prefsHandle 5500 -prefMapHandle 5172 -prefsLen 29703 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd52450-5006-464f-9044-497923a66a25} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 4988 1de894cfb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.14.1852672424\9661167" -childID 12 -isForBrowser -prefsHandle 5632 -prefMapHandle 5016 -prefsLen 29703 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d3d6c05-7601-49c6-a186-4ba108889b4c} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 4960 1de8a162d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.15.722410504\359022502" -childID 13 -isForBrowser -prefsHandle 10408 -prefMapHandle 10404 -prefsLen 29703 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21806ce2-c093-4d22-8523-6744b796b2d6} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 10416 1de8a1c0658 tab
C:\odt\WaaSMedicAgent.exe
C:\odt\WaaSMedicAgent.exe
C:\MemZ.exe
"C:\MemZ.exe"
C:\Recovery\WindowsRE\msedge.exe
C:\Recovery\WindowsRE\msedge.exe
C:\odt\csrss.exe
C:\odt\csrss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.16.1016281024\330932324" -childID 14 -isForBrowser -prefsHandle 3632 -prefMapHandle 4172 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2709cc1f-4385-411f-9ed6-8a1862800d64} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 5648 1de88041458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2600.17.749568939\118197370" -childID 15 -isForBrowser -prefsHandle 5036 -prefMapHandle 10128 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d297b01b-b965-4660-af5a-16671f1d9b94} 2600 "\\.\pipe\gecko-crash-server-pipe.2600" 5092 1de83495b58 tab
C:\Recovery\WindowsRE\SearchApp.exe
C:\Recovery\WindowsRE\SearchApp.exe
C:\browserreviewSavesruntimecommon\WmiPrvSE.exe
C:\browserreviewSavesruntimecommon\WmiPrvSE.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SXiopUTlQe.bat" "
C:\Windows\system32\notepad.exe
notepad.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /f /im crss.exe & taskkill /f /im wininit.exe & taskkill /f /im winlogon.exe & taskkill /f /im svchost.exe
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\ba7b5b30-f163-4d5d-abe6-9dcf60a9074c
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\31e32eb4-4fb5-4dfc-b44b-7b4a22c8af1c
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\browserreviewSavesruntimecommon\sALjCX2DJ1FjfO.vbe
C:\browserreviewSavesruntimecommon\jt4LBgBNIUJsIGJZrjCIK93Fg0t.bat
C:\browserreviewSavesruntimecommon\HyperBrokercommon.exe
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\74950636C4663B118D367945420A8679039FC30F
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\12752
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\1744
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2440
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0b007ad1-31b4-4bbc-b8dc-813cba3dc24a
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\c202a6dd-018b-4075-b1d0-4a5c98e6e62a
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27382
C:\MemZ.exe
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\1B03622FD5F4301499E98FFF85AF2C61C65BF871
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++aiven.io\ls\usage
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WmiPrvSE.exe.log
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Local\Temp\SXiopUTlQe.bat
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\72f6a3a7-0606-465b-a714-8f1b6a6587a7