Malware Analysis Report

2024-07-28 07:08

Sample ID 240702-pr5vvascma
Target https://sc.link/Faqyp
Tags
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://sc.link/Faqyp was found to be: Known bad.

Malicious Activity Summary


Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-02 12:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-02 12:34

Reported

2024-07-02 12:35

Platform

win10-20240404-en

Max time kernel

42s

Max time network

44s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://sc.link/Faqyp"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 512 wrote to memory of 592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 592 wrote to memory of 2228 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 592 wrote to memory of 1328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 592 wrote to memory of 4448 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://sc.link/Faqyp"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://sc.link/Faqyp

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.0.1088591853\1407099856" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31a1a4cc-01ae-4baf-ac51-0eeb34c097f1} 592 "\\.\pipe\gecko-crash-server-pipe.592" 1780 266c29ba158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.1.986699721\531799023" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f24193a-30cf-4211-98f9-04333cfb4dd3} 592 "\\.\pipe\gecko-crash-server-pipe.592" 2156 266c2905358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.2.1573085215\816824714" -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {993cf038-832a-42a0-9c74-6ad92976993c} 592 "\\.\pipe\gecko-crash-server-pipe.592" 3096 266c67e7b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.3.190566783\1495809602" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3536 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49870737-3bc9-4962-9d2c-a3611c9658eb} 592 "\\.\pipe\gecko-crash-server-pipe.592" 3568 266b0365f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.4.642810647\770437396" -childID 3 -isForBrowser -prefsHandle 4780 -prefMapHandle 4804 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f0220b4-a6f3-47ab-872f-a648ceefc4b1} 592 "\\.\pipe\gecko-crash-server-pipe.592" 4820 266c8bca958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.5.689749078\1837574169" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4948 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78547d74-5952-4d92-9398-ecf89b61a4d0} 592 "\\.\pipe\gecko-crash-server-pipe.592" 4836 266c9823f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.6.1547605556\859489903" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e1592b5-0108-479e-b383-e47f107d3296} 592 "\\.\pipe\gecko-crash-server-pipe.592" 5124 266c9822a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.7.324954709\424309839" -childID 6 -isForBrowser -prefsHandle 3200 -prefMapHandle 3108 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a7dc926-a32a-4f96-b3e7-931c0ef8d76a} 592 "\\.\pipe\gecko-crash-server-pipe.592" 3192 266c534c058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.8.192689456\753594167" -childID 7 -isForBrowser -prefsHandle 9196 -prefMapHandle 9200 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a70f5a2-4dec-46b1-ae1c-80b5ee2c43c5} 592 "\\.\pipe\gecko-crash-server-pipe.592" 9220 266cad65858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.9.1354203844\448158006" -parentBuildID 20221007134813 -prefsHandle 9540 -prefMapHandle 9532 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9adedd93-0fbf-48c1-b530-322934918db5} 592 "\\.\pipe\gecko-crash-server-pipe.592" 9560 266cad66758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="592.10.1427017343\863795865" -childID 8 -isForBrowser -prefsHandle 5040 -prefMapHandle 5108 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a94542e-026c-4e88-baaf-f81349d7e48a} 592 "\\.\pipe\gecko-crash-server-pipe.592" 5052 266cadaca58 tab

Network


Files
