Analysis Overview
SHA256
9d2c6becf74342dbe3b00ee4f0e01aae146d3ae54ee89058c56702ef0487ccae
Threat Level: Shows suspicious behavior
The file mig.rar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 11:20
Signatures
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 11:20
Reported
2024-06-19 11:23
Platform
win10-20240404-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | mediafire.com | N/A | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\mig.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\mig.rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\mig.rar
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
Network
| US | 205.196.121.45:443 | download850.mediafire.com | tcp |
| GB | 172.217.169.65:443 | 51a2bec1cba4c772ea7df79b688a108f.safeframe.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.121.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 104.16.52.110:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download850.mediafire.com | udp |
| US | 8.8.8.8:53 | download850.mediafire.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| FR | 18.155.129.103:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | udp |
Files