Analysis Overview
Threat Level: Likely malicious
The file https://click.mc.ihg.com/?qs=5add2cf152643e82f753ee24a3840398b2b67d8df70a4184afd46ac136da31720d3830d511080401a9e0e18c09bc5f56742c01d2e660b8d362b299e67443579f was found to be: Likely malicious.
Malicious Activity Summary
Credentials from Password Stores: Credentials from Web Browsers
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Browser Information Discovery
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 14:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 14:59
Reported
2024-08-26 15:02
Platform
win10v2004-20240802-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Credentials from Password Stores: Credentials from Web Browsers
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | https://cdn.appdynamics.com/adrum-xd.a6720c95d03e8e8d9e4f122a106bf00d.html | N/A | N/A |
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://click.mc.ihg.com/?qs=5add2cf152643e82f753ee24a3840398b2b67d8df70a4184afd46ac136da31720d3830d511080401a9e0e18c09bc5f56742c01d2e660b8d362b299e67443579f"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://click.mc.ihg.com/?qs=5add2cf152643e82f753ee24a3840398b2b67d8df70a4184afd46ac136da31720d3830d511080401a9e0e18c09bc5f56742c01d2e660b8d362b299e67443579f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc0ddf11-5d9d-4ed6-b2c6-15acd058b581} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2af2934-7f16-4977-9642-9f4572a7dad1} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2984 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79f5cabb-486f-427a-984c-4bce53cd5bcc} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3828 -childID 2 -isForBrowser -prefsHandle 3820 -prefMapHandle 3812 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d3786d4-307d-4792-bcd3-ab79f38afa26} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4712 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4724 -prefMapHandle 4732 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {863b2854-3019-4dce-837e-529f0a1d7cb6} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5292 -prefMapHandle 3476 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6f31d72-8b42-4535-9476-3bba56423346} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5508 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {027c1340-e394-404c-b4cf-78fb03ac48c8} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 5 -isForBrowser -prefsHandle 5704 -prefMapHandle 5700 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54bf65ea-e8db-4bb0-807c-52e5c5b07b1c} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4968 -childID 6 -isForBrowser -prefsHandle 4176 -prefMapHandle 3564 -prefsLen 27132 -prefMapSize 244628 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d519b4-3931-4ce6-9b76-b1c30528582a} 2696 "\\.\pipe\gecko-crash-server-pipe.2696" tab
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 127.0.0.1:62283 | | tcp |
| US | 8.8.8.8:53 | click.mc.ihg.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 13.111.180.135:443 | click.mc.ihg.com | tcp |
| US | 13.111.180.135:443 | click.mc.ihg.com | tcp |
| US | 8.8.8.8:53 | click.mc.ihg.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | click.mc.ihg.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.180.111.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ihg.com | udp |
| GB | 95.101.129.194:443 | www.ihg.com | tcp |
| US | 8.8.8.8:53 | e101509.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e101509.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | identity.ihg.com | udp |
| US | 8.8.8.8:53 | 213.24.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | 194.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | digital.ihg.com | udp |
| US | 8.8.8.8:53 | e72657.dscx.akamaiedge.net | udp |
| GB | 95.101.129.225:443 | e72657.dscx.akamaiedge.net | tcp |
| GB | 2.18.108.226:443 | assets.adobedtm.com | tcp |
| GB | 2.18.108.226:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e72657.dscx.akamaiedge.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | p11.techlab-cdn.com | udp |
| GB | 23.40.43.107:443 | p11.techlab-cdn.com | tcp |
| US | 8.8.8.8:53 | e27553.dsca.akamaiedge.net | udp |
| GB | 23.40.43.107:443 | e27553.dsca.akamaiedge.net | tcp |
| GB | 23.40.43.107:443 | e27553.dsca.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e27553.dsca.akamaiedge.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 225.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.43.40.23.in-addr.arpa | udp |
| GB | 2.18.109.190:443 | digital.ihg.com | tcp |
| GB | 2.18.109.190:443 | digital.ihg.com | tcp |
| GB | 2.18.109.190:443 | digital.ihg.com | tcp |
| GB | 2.18.109.190:443 | digital.ihg.com | tcp |
| GB | 2.18.109.190:443 | digital.ihg.com | tcp |
| GB | 2.18.109.190:443 | digital.ihg.com | tcp |
| US | 8.8.8.8:53 | e2740.dsca.akamaiedge.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | e2740.dsca.akamaiedge.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | secure.target.ihg.com | udp |
| IE | 66.235.152.221:443 | secure.target.ihg.com | tcp |
| US | 8.8.8.8:53 | target.ihg.com.data.adobedc.net | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | target.ihg.com.data.adobedc.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | apis.ihg.com | udp |
| GB | 23.40.43.113:443 | apis.ihg.com | tcp |
| GB | 23.40.43.113:443 | apis.ihg.com | tcp |
| US | 8.8.8.8:53 | e124169.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e124169.dsca.akamaiedge.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.43.40.23.in-addr.arpa | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 2.18.108.226:443 | e7808.dscg.akamaiedge.net | tcp |
| ES | 18.172.213.54:443 | consent.truste.com | tcp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| US | 8.8.8.8:53 | 54.213.172.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:62290 | | tcp |
| US | 8.8.8.8:53 | secure.target.ihg.com | udp |
| US | 8.8.8.8:53 | messenger.usw.ivastudio.ai | udp |
| ES | 18.172.213.54:443 | consent.truste.com | tcp |
| US | 75.2.41.16:443 | messenger.usw.ivastudio.ai | tcp |
| US | 8.8.8.8:53 | messenger.usw.ivastudio.ai | udp |
| US | 8.8.8.8:53 | messenger.usw.ivastudio.ai | udp |
| US | 8.8.8.8:53 | 16.41.2.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | messenger-ui.usw.ivastudio.ai | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 75.2.41.16:443 | messenger-ui.usw.ivastudio.ai | tcp |
| US | 8.8.8.8:53 | messenger-ui.usw.ivastudio.ai | udp |
| ES | 18.172.213.67:443 | consent.trustarc.com | tcp |
| ES | 18.172.213.67:443 | consent.trustarc.com | tcp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 75.2.41.16:443 | messenger-ui.usw.ivastudio.ai | tcp |
| ES | 18.172.213.67:443 | consent.trustarc.com | tcp |
| ES | 18.172.213.67:443 | consent.trustarc.com | tcp |
| US | 8.8.8.8:53 | target.ihg.com.data.adobedc.net | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.213.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | messenger-ui.usw.ivastudio.ai | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 8.8.8.8:53 | ihg.scene7.com | udp |
| US | 8.8.8.8:53 | a1967.dscr.akamai.net | udp |
| GB | 173.222.211.25:443 | a1967.dscr.akamai.net | tcp |
| US | 8.8.8.8:53 | a1967.dscr.akamai.net | udp |
| US | 8.8.8.8:53 | 25.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | col.eum-appdynamics.com | udp |
| US | 52.39.86.134:443 | col.eum-appdynamics.com | tcp |
| US | 8.8.8.8:53 | col.eum-appdynamics.com | udp |
| US | 8.8.8.8:53 | col.eum-appdynamics.com | udp |
| US | 52.43.12.116:443 | col.eum-appdynamics.com | tcp |
| US | 8.8.8.8:53 | target.ihg.com.data.adobedc.net | udp |
| US | 8.8.8.8:53 | config.datas3ntinel.com | udp |
| US | 151.101.66.132:443 | config.datas3ntinel.com | tcp |
| US | 8.8.8.8:53 | j.sni.global.fastly.net | udp |
| US | 8.8.8.8:53 | j.sni.global.fastly.net | udp |
| US | 8.8.8.8:53 | collect.datas3ntinel.com | udp |
| US | 151.101.130.132:443 | collect.datas3ntinel.com | tcp |
| US | 8.8.8.8:53 | 134.86.39.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.12.43.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | col.eum-appdynamics.com | udp |
| US | 8.8.8.8:53 | messenger.usw.ivastudio.ai | udp |
| US | 99.83.208.13:443 | messenger-ui.usw.ivastudio.ai | tcp |
| US | 99.83.208.13:443 | messenger-ui.usw.ivastudio.ai | tcp |
| US | 8.8.8.8:53 | 13.208.83.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | secure.analytics.ihg.com | udp |
| US | 8.8.8.8:53 | znaeyokp2zrxb2lop-ihg.siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 104.17.208.240:443 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | siteintercept.qualtrics.com | udp |
| IE | 66.235.152.225:443 | secure.analytics.ihg.com | tcp |
| US | 8.8.8.8:53 | analytics.ihg.com.ssl.d1.sc.omtrdc.net | udp |
| US | 8.8.8.8:53 | analytics.ihg.com.ssl.d1.sc.omtrdc.net | udp |
| US | 8.8.8.8:53 | 225.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.208.17.104.in-addr.arpa | udp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 75.2.41.16:443 | messenger-ui.usw.ivastudio.ai | tcp |
| US | 8.8.8.8:53 | 203.245.17.104.in-addr.arpa | udp |
| US | 104.17.208.240:443 | siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | iad1.qualtrics.com | udp |
| US | 8.8.8.8:53 | e12398.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e12398.b.akamaiedge.net | udp |
| GB | 95.100.245.107:443 | e12398.b.akamaiedge.net | tcp |
| GB | 95.100.245.107:443 | e12398.b.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 107.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | col.eum-appdynamics.com | udp |
| US | 8.8.8.8:53 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | col.eum-appdynamics.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9d2942bd8ec5a77212605226bc5e7abb |
| SHA1 | 6034cbc0b87876370be27a9052fdcbf8c473b79f |
| SHA256 | 54f9fc85e77e7277b4755b62cf67cf1af05a4389998ded534babd9390e5a2a63 |
| SHA512 | ccf310276bc687ca19b440a98563d6ed6890ac9e1576bbab81b77b082acede65f7bed81d61fc53aab733c281ad8c021cede5e8d18da0d04e63f527c84704a587 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\7dc09012-b506-4fd1-854e-42542e795cf3
| MD5 | 682603879a5bdb8494cf25564bd1bf50 |
| SHA1 | fa05d46228af3048a3e2ad4ee7421de4d0b9023e |
| SHA256 | 39d189bb4f7babb1a38ca63ea1cef037805ad3d52f4110f459792658728bf8f3 |
| SHA512 | 248857c8a85c36ebbcfb26b08d7e0814e2aa023c3aa6a3aa6c565b35a3352f4dfa8cab8af539d680207c1bf9f219250396d442c5cff17618cddafca2abb77006 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\127754e8-5b79-4f97-b293-5028e20bdd9f
| MD5 | 323303a373aa7d615e86154bd3d1a507 |
| SHA1 | bc9b0e1852890bcdce8bd2c5a3d7b3b9fd04de92 |
| SHA256 | e249a8a567d23a1e6b32592bc6c1c736d4d22df5eabd300ec30db45742a42cfc |
| SHA512 | 039dc7791d61095798c482001ca63e50369306bd0f55453b9ecaabbfa660cf85aea467256da6518b3495a175e6c4c65673d15f309b591662d62d1a254b590ac7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\0398d76a-b621-4746-933c-4d0a122156ab
| MD5 | 0c749f0871260209b9b0b02e50df8b83 |
| SHA1 | 40c3f440d9f5e284852838a4d0cae7d994daff32 |
| SHA256 | 8ef768ebd0cbaf5033636b42202430d24ff9dfaaca69ee9a69768fe22be847fa |
| SHA512 | 9dd801da58cde4530605e7f7a71961600d207d821e52654798be21864b6974c3c8298c891dde1c32cee2ebf9cab2aef21909315868007296a0af030d053192f9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json
| MD5 | fab3cf2d51dcdc10247f6a60964bf921 |
| SHA1 | 99d6b5929db9fa70aac2906468bc3457dfa77017 |
| SHA256 | e459227a816f57fd3bec48ee1c95569a272be7b6b1e3c5ca1a3ba3165a9ee51c |
| SHA512 | de985766b121d2a53d0f812b8a572203151dd167e9eeff7d50c16c04a5474242d5bcf65d3dd845fe738eef350fd28719f6558df9b6d70273b8ff7963ac0c1e18 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js
| MD5 | bf7f13087560f01e85854d28c23e39fa |
| SHA1 | a889667540f0a43a5deff1ffb5227db7bb64a9fa |
| SHA256 | c12dc5f43ae5f140cd9677aff3a480a6f4caeb64c1455e181729664c00f5aa3b |
| SHA512 | 1c537dd9aad40e283e34b4f6421b4b693001e11a0d2dc7cf5cc591ef70d3318f813889d3c1b77e3709ac5588c6f2fe1a4e3c28016650d133abe13a9e6f4e4da1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js
| MD5 | b7f56c3313588faf55c28fc47283a973 |
| SHA1 | 86aa83eceb37cef561198fc311b4351d5de3604e |
| SHA256 | b24013a8cb0a38938de7e8d2b34582d8a167205703a01a6978def30705c47297 |
| SHA512 | 6f71c706f05d28729def1c32c2bfc9b26de334ca05d2b4292a39fe7472b1bf106aa435c3c339e614c006914587d3d828e884dc1704a0cdd0510bb159f4c12a36 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\doomed\12750
| MD5 | 5611a227d065b4db190343c76f10534d |
| SHA1 | 50dd6628bb63975ba6a29e7d48219c4fea24ebb1 |
| SHA256 | 5f9d3da16f48524a19e9452d04bdf8add121124e85fb8b1c708f0b959ad70df3 |
| SHA512 | 57c8c18ca98c103f3fffc4e242f75caa566aa71f25b316327b0e2c533e1b27ddfddfb01aea12dd92b58a952592ad7e97168baa9d159ea0b98d8dad8b4951d63b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js
| MD5 | 80031cc4030200a3277226b9eee3ece0 |
| SHA1 | 38b20aad0bd7d8566091de8d2fb7af2e018f3984 |
| SHA256 | 962a2e28b542896591f2bc31bf80defe525de21efe441f6c6043abd44e480ce1 |
| SHA512 | be2ea1830c5e6e8ce4b69a900bdffcd672830524b77e0b91b4181f904a7219f995270a9bdb2339205ef97cea14e277954143c5e26bbdc3e7be1e09f72541eacc |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js
| MD5 | 95a8f8bdd5276cc90dc454b137d5bb34 |
| SHA1 | a1caecb59e01d5e20158d7f0d764758dc32c6d9b |
| SHA256 | 4279e94dcbf703568186627156d33a3435f6a7c155e6dc53f6ca5877c10f59c4 |
| SHA512 | 60a333e68f177c0c1b9d2005a378de5ba3ae8f54c85534cb0c7bc47bc69792809db6cbde049434ba3ea80294a6bee068267e48ec834f175c5bc3f7bb024e39e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin
| MD5 | 9dc7ad0a37806f77dcde9dc935920838 |
| SHA1 | 5e827cd0364d151cf8cecb01dc28a615076d74c7 |
| SHA256 | a6ea982f7187e06d6d2dbf50894b0e453bd4f461a0c8da5b8538c882cd7c6aec |
| SHA512 | ad864870d1e02970b35372c82ee992bfa3c7bb986a1efe33a1dc5be51b633394ed7b2b94802b967fb9d0d24c0306ae8364d17e119e268f26d04ae236b90555f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9e8499ec610a7d1997eb05f0ba24cd1f |
| SHA1 | 15ca4cd985f95bf53f8d3e5196236dd2c1cd4c11 |
| SHA256 | f5b06e2d506877f2011cc4316c329c616954734ed180318b760239e5586b9081 |
| SHA512 | e6e7b48154a238e095e11c207c20886a22255540a7b66398faf41a8737ad5dd4ba53cb208b641dd9e2466cd855ac4f07487de67fd16ed474f14f3a64187d6810 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js
| MD5 | 0ecee4352dc458402be7397ee8df4f7a |
| SHA1 | 890bd9f868438f774ce8c14c1fd391037494d815 |
| SHA256 | b5bb5310cd84780f5d0a3e424d9b68f341272b84a818122d331acf3c67893d5e |
| SHA512 | 7acb01f9e937abfb95a98cce122e00d4864bfcb006a89c49858fb01b1d04aeddabc6763669412e59c222c31428ba4a75aed60f4425c7c5f771ac514e9bc442fe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a78f667adcde17fcff1b8f6a246855c2 |
| SHA1 | f69c320e97c8cdd02b33e87e9c946c65f0c8535e |
| SHA256 | e91bd566fe89a30569975fd88d24a3c0356589cd5caf2b95502f0f3cdd71bc31 |
| SHA512 | 48352c0fcdd65e61bdf53ef7f1abdcc437553f0a4bb5d7c9038902cf9275cbdaa2590758005f81cbd1702f2aeb796973e8d7d877604a8e3b98ac0a80969d9e8f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\default\https+++www.ihg.com\ls\usage
| MD5 | 5dcd6f987b5c14fe549ccea0c535c4d7 |
| SHA1 | a9c088c20730b500c25b494add39cda910f1577a |
| SHA256 | 3a7a6aebece791e4eb9d5274bbd2c2931ddfe84227dce84e4b6c2816371f9776 |
| SHA512 | 2adf297a4f2d503584be91920d97f33024f8d3567cb87e6c047b36dc35da82aac57c116015490f232456c6d7cc25423ae6b8a091db181a2f767391b85462a76b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6cf1af1500ca416f1fa1dc6755e290d1 |
| SHA1 | 8f58556f6f6f6c79c154d3c4edbe9531517c5da5 |
| SHA256 | 53ae9baac891cb372251042c351fb6effee944034820134a31548e2a345006a3 |
| SHA512 | 24bbd21f4cf6a365fc17b06107e713650fac9148d767513a6cdb36cc311748a6b9fe17035a2d6ad1f97bec5ac6b189a2157dd67548e648fbb5d102431233a362 |