Analysis Overview
SHA256
3e3a0c2cbb2fe6b325f14d2c0a353647dcda20c3bc46d0e8da959ed47b702261
Threat Level: Shows suspicious behavior
The file sample was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-10 19:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-10 19:38
Reported
2024-10-10 19:41
Platform
win7-20240729-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\clippy.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.0.2126621153\1369490620" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48e89dcb-455b-49d0-b21c-981c2f36b59d} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1304 118f0858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.1.591254821\2120446552" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {565dee60-f04b-4d6f-a4a7-bd087782fd2d} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1516 e70558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.2.1957835372\662161290" -childID 1 -isForBrowser -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f304ad0c-0e77-4da4-9312-6bed17c2b888} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2124 1b3d6558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.3.855747808\909196998" -childID 2 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73a25a43-cc3d-4a4a-b8b1-ee525df23710} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2748 e5c258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.4.889452843\1199329501" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3748 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {172c6fc4-8d05-4c91-b659-de38e4886cbf} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3796 1f711e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.5.1914356325\1163682627" -childID 4 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8adec523-e40f-4ab1-aa93-52e8b7bfc22b} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3896 1f710658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.6.1135811916\1093935959" -childID 5 -isForBrowser -prefsHandle 4076 -prefMapHandle 4080 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaab20d1-e0c8-4701-9bdd-f602bceb0f1d} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4064 1f711558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.7.594219967\1984034723" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4124 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e64ae517-ed2a-422f-81b2-37fcb884512e} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4112 1ce2aa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.8.401849668\1543816981" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2160 -prefsLen 26796 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6a4676-c224-4a1f-8420-3de61909ca33} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 2124 205b1e58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.9.1470317465\704928987" -childID 7 -isForBrowser -prefsHandle 3680 -prefMapHandle 3420 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df5ed531-f180-4d70-b118-6502e728423c} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3672 205b1858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.10.2106818114\1269860136" -childID 8 -isForBrowser -prefsHandle 8208 -prefMapHandle 8212 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c732872-f10a-4640-b884-973c1ed99bc5} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 8196 1dc93e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.11.993663418\243952736" -childID 9 -isForBrowser -prefsHandle 3672 -prefMapHandle 4476 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45e6fbca-449d-4aea-89ec-cc4cbdccfe1c} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4396 b23a058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.12.479376446\1700553416" -childID 10 -isForBrowser -prefsHandle 8096 -prefMapHandle 8168 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9aa339f-b8ed-4750-bf0b-6be681498bbe} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 8100 b227e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.13.1798861754\152768193" -childID 11 -isForBrowser -prefsHandle 7836 -prefMapHandle 7832 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83f69250-f903-4a83-90cc-57b2d0ae5530} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7848 b228458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.14.773800693\323163661" -childID 12 -isForBrowser -prefsHandle 7700 -prefMapHandle 7860 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {512f0d2b-ad34-429d-8ca1-0096dc85e498} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7704 23977f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.15.1122772422\1431581722" -childID 13 -isForBrowser -prefsHandle 4216 -prefMapHandle 4204 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ecad845-378f-44bd-a08b-120732eafd34} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7648 2199cb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.16.85931677\1658440967" -childID 14 -isForBrowser -prefsHandle 8120 -prefMapHandle 8116 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c575ad7-ccc4-40ca-b185-72fd06dc451f} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 8164 b227858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.17.1072033488\1686352071" -childID 15 -isForBrowser -prefsHandle 7804 -prefMapHandle 3692 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f731da3a-f0f1-49ac-82d3-8e999166e105} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4300 2199e958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.18.426613328\878933376" -childID 16 -isForBrowser -prefsHandle 7760 -prefMapHandle 7764 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1265ede-a2ee-4cf6-a972-482a04dada7a} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4408 b3fbe58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.19.1726011301\443711110" -childID 17 -isForBrowser -prefsHandle 7512 -prefMapHandle 7516 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {393f9a40-dbcc-4f69-8bdb-6b7e0a7c7811} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7500 1ce2a158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.20.1238321025\953648087" -childID 18 -isForBrowser -prefsHandle 7924 -prefMapHandle 7864 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0962c8cd-c34e-4644-907b-437f1ec8fa74} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7972 1ce2a758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.21.221069896\431461945" -childID 19 -isForBrowser -prefsHandle 4200 -prefMapHandle 7512 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c96dc637-aa30-4fe2-99e0-cda388313b3e} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 4432 1dbc3358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.22.2033954980\899332894" -childID 20 -isForBrowser -prefsHandle 3208 -prefMapHandle 3168 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee53bde1-2bb8-42fc-83c9-52ece74bcce1} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 3276 1dda9e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.23.1468770491\450645883" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7024 -prefMapHandle 7028 -prefsLen 26836 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2effcd62-2a70-4e2a-88ae-ef359b8ba45f} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7012 205b0f58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.24.1862389818\160531008" -childID 21 -isForBrowser -prefsHandle 6868 -prefMapHandle 6872 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c16331c-65dd-4c2b-8c5e-0df0f249a698} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 6856 2199c558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.25.729433683\495671343" -childID 22 -isForBrowser -prefsHandle 8112 -prefMapHandle 7528 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92afcd7e-dce5-49cd-adce-3c13b60fa517} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 1124 239a8758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.26.1308641169\1534991604" -childID 23 -isForBrowser -prefsHandle 2148 -prefMapHandle 7368 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cefc6ba3-289a-43ee-8a27-bc2c607974b5} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7160 b388258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.27.1894907608\1946505117" -childID 24 -isForBrowser -prefsHandle 6848 -prefMapHandle 6832 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c4f3fd4-2746-46b0-b745-8608ac5fc58e} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 6780 1dc90e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.28.17889420\1691761879" -childID 25 -isForBrowser -prefsHandle 1664 -prefMapHandle 7188 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5ea7eba-351a-459e-874a-39b473512d49} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7048 b3aff58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.29.88699469\647573265" -childID 26 -isForBrowser -prefsHandle 7188 -prefMapHandle 1664 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef89cb16-48a6-4907-9bb0-35cff7b79c91} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7212 23003e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.30.148315278\193595517" -childID 27 -isForBrowser -prefsHandle 6684 -prefMapHandle 6688 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c02a3af-8f2b-40c8-9d21-3e4823a0e994} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 7044 23004158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2576.31.1803927684\1776014795" -childID 28 -isForBrowser -prefsHandle 6568 -prefMapHandle 6564 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43fd4b6-7ece-4514-a8ba-17e11062c7bf} 2576 "\\.\pipe\gecko-crash-server-pipe.2576" 6580 23004a58 tab
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49198 | tcp | |
| N/A | 127.0.0.1:49206 | tcp | |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | maps.google.de | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | maps.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | maps.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | news.google.com | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | news.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | news.google.com | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | www.google.de | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.de | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | www.google.de | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.201.113:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.201.113:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.201.113:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | udp |
| GB | 172.217.169.14:443 | youtube-ui.l.google.com | tcp |
| GB | 172.217.169.14:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.38:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.38:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| FR | 151.106.4.82:443 | bonzi.link | udp |
| US | 8.8.8.8:53 | d36ee2fcip1434.cloudfront.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 142.250.200.14:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | uk.gilook.com | udp |
| NL | 81.171.31.85:443 | uk.gilook.com | tcp |
| US | 8.8.8.8:53 | uk.gilook.com | udp |
| US | 8.8.8.8:53 | uk.gilook.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | imagedelivery.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | imagedelivery.net | udp |
| US | 8.8.8.8:53 | imagedelivery.net | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 104.18.2.36:443 | imagedelivery.net | udp |
| GB | 216.58.213.2:443 | securepubads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 216.58.204.78:443 | syndicatedsearch.goog | tcp |
| GB | 216.58.204.78:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 216.58.213.2:443 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | partner.googleadservices.com | udp |
| GB | 216.58.204.78:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | a866ec2a8b75cfb3193c6810c1a550be.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | a866ec2a8b75cfb3193c6810c1a550be.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| GB | 142.250.180.1:443 | a866ec2a8b75cfb3193c6810c1a550be.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | afs.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | afs.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.97:443 | googlehosted.l.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| NL | 81.171.31.85:443 | uk.gilook.com | tcp |
| NL | 81.171.31.85:443 | uk.gilook.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| NL | 81.171.31.85:443 | uk.gilook.com | tcp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.3:443 | id.google.com | udp |
| GB | 216.58.201.113:443 | csp.withgoogle.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.14:443 | youtube-ui.l.google.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.38:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.softpedia.com | udp |
| US | 104.22.12.228:443 | www.softpedia.com | tcp |
| US | 8.8.8.8:53 | www.softpedia.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | www.softpedia.com.cdn.cloudflare.net | udp |
| US | 104.22.12.228:443 | www.softpedia.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | cdnssl.softpedia.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | windows-cdn.softpedia.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d23sp3kzv1t6m5.cloudfront.net | udp |
| US | 172.67.5.104:443 | windows-cdn.softpedia.com | tcp |
| US | 172.67.5.104:443 | windows-cdn.softpedia.com | tcp |
| US | 8.8.8.8:53 | windows-cdn.softpedia.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | d23sp3kzv1t6m5.cloudfront.net | udp |
| US | 8.8.8.8:53 | windows-cdn.softpedia.com.cdn.cloudflare.net | udp |
| US | 104.22.12.228:443 | windows-cdn.softpedia.com.cdn.cloudflare.net | tcp |
| US | 104.22.12.228:443 | windows-cdn.softpedia.com.cdn.cloudflare.net | tcp |
| US | 104.22.12.228:443 | windows-cdn.softpedia.com.cdn.cloudflare.net | tcp |
| US | 104.22.12.228:443 | windows-cdn.softpedia.com.cdn.cloudflare.net | tcp |
| US | 172.67.5.104:443 | windows-cdn.softpedia.com.cdn.cloudflare.net | udp |
| US | 104.22.12.228:443 | windows-cdn.softpedia.com.cdn.cloudflare.net | udp |
| FR | 18.245.175.102:443 | d23sp3kzv1t6m5.cloudfront.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 3.64.79.185:443 | api.cmp.inmobi.com | tcp |
| DE | 3.64.79.185:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.180.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| GB | 18.165.154.87:443 | d2avimlm6gq3h9.cloudfront.net | tcp |
| GB | 142.250.180.3:443 | www.google.co.uk | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| FR | 18.245.194.122:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| BE | 74.125.206.157:443 | stats.g.doubleclick.net | tcp |
| FR | 18.245.194.122:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| FR | 52.222.169.95:443 | connectid.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | d1402xccwihzsp.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2avimlm6gq3h9.cloudfront.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | d1402xccwihzsp.cloudfront.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | 4ff3a7c504d3f67c5211907bfca0a73a.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | 4ff3a7c504d3f67c5211907bfca0a73a.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| GB | 142.250.180.1:443 | pagead-googlehosted.l.google.com | udp |
| BE | 74.125.206.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.179.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.179.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.179.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.179.225:443 | cdn.ampproject.org | tcp |
| GB | 142.250.179.225:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| GB | 142.250.179.225:443 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| FR | 18.245.194.122:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| FR | 52.84.174.75:443 | config.aps.amazon-adsystem.com | tcp |
| FR | 52.222.197.95:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| FR | 23.51.100.75:443 | e4536.g.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 104.22.4.69:443 | id.hadron.ad.gt.cdn.cloudflare.net | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 5d8469e4bddcdea5d0b8a5f13454baaa.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 54.239.33.159:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 142.250.180.1:443 | 5d8469e4bddcdea5d0b8a5f13454baaa.safeframe.googlesyndication.com | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.1:443 | 5d8469e4bddcdea5d0b8a5f13454baaa.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 104.22.4.69:443 | a.ad.gt.cdn.cloudflare.net | tcp |
| GB | 216.58.204.65:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 44.227.183.117:443 | ids.ad.gt | tcp |
| US | 44.227.183.117:443 | ids.ad.gt | tcp |
| US | 44.227.183.117:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 104.22.4.69:443 | p.ad.gt | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | pixels.ad.gt | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 8.8.8.8:53 | sda.softpedia.com | udp |
| US | 172.67.5.104:443 | sda.softpedia.com | tcp |
| US | 172.67.5.104:443 | sda.softpedia.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 172.67.5.104:443 | sda.softpedia.com | tcp |
| US | 172.67.5.104:443 | sda.softpedia.com | tcp |
| US | 172.67.5.104:443 | sda.softpedia.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | pug-ams-bc.pubmnet.com | udp |
| US | 8.8.8.8:53 | pug-ams-bc.pubmnet.com | udp |
| US | 8.8.8.8:53 | euw-ice.360yield.com | udp |
| NL | 185.89.210.153:443 | ib.anycast.adnxs.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 198.47.127.205:443 | pug-ams-bc.pubmnet.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.net.akadns.net | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| IE | 34.246.240.116:443 | ad.360yield.com | tcp |
| FR | 51.178.195.216:443 | sync.smartadserver.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 104.22.5.69:443 | p.ad.gt | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | rtb-csync-euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb-csync-euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | p.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | p.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | sda.softpedia.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | sda.softpedia.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 8.8.8.8:53 | pixels.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | pixels.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | euw-ice.360yield.com | udp |
| US | 8.8.8.8:53 | softpedia-secure-download.com | udp |
| RO | 146.70.213.157:443 | softpedia-secure-download.com | tcp |
| US | 8.8.8.8:53 | softpedia-secure-download.com | udp |
| US | 8.8.8.8:53 | softpedia-secure-download.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin
| MD5 | f39730e0bce38a43462bea3926ffb2cc |
| SHA1 | a2cec3eb7e2cf09db790166d091aac880831e50c |
| SHA256 | 954e5ae72b1d917e524f899c30c395e25c5cd7b6c3c7539c0f2c4cf83219c0cd |
| SHA512 | fb405ceb58eb420cce75039d419f7aa5743c0fb855cbcd7741748b33dab9ec1c5ad141c42930a1206d5711c35bbbea50584474ecf1a9d5c480d5e47b58ad7a11 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\fac673ca-b260-4c4b-88e5-9c6113a1eb50
| MD5 | 2612f29d1ad37d6a2ddfe28a6dd4945e |
| SHA1 | be6d60341a59d72329731b8630376ec520692ad7 |
| SHA256 | 3ef5e5e1c6f0ef1aa126ee1cc9c202c23659d849c47569e19cb53971aebecd5c |
| SHA512 | 83666c7714b82d8319ef15605599ba8a4f120a3b2bd2fdfe321b87723fd462e2dc4181f21f283532bcd7f05dbbf54d1f3abf0d734b0bd4bd5bc77b6e14f52789 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\4db6e7ee-beb4-40cc-9c0e-cc0392c8a8ef
| MD5 | 8bd4c5f4a6efb3a09cc9bddf94cba2a3 |
| SHA1 | fd002011fe0d7e74cfca13068fb74b541d074a43 |
| SHA256 | 8890d440a6d5811d320198f6758e8ed12f323bedc620a59edcf741e856af84b1 |
| SHA512 | fcf4a724443a7b0729ee5e08f0144c667e89ed361493e47c966468fd60867eb2c19a2183e182b526ec8b5b4e0eafcfe4dbd6459a957dae7d2207df00d0c5122d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 0130d2b53d14c8a7967384b76294ec28 |
| SHA1 | c1f4f419120702d6e3e0614b6820203b970fd90e |
| SHA256 | 289d7557c2bd0092e8cc9a998d4c2b209b73f6aac31c88da8b5b4dd328396bb2 |
| SHA512 | 0a79b8dbd3f2b45b80cfccf4a76b23c9e733b9fdd947b316397c144107747702825fcafa6fed41034205279fd8a8ef91b86c8cf51fb2ffb7e65fce2adfa8fd94 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | bece0acf9d7f19d01c7943c54d2ad372 |
| SHA1 | aef59ca4b0fe97f32db128e103bfb98aee3b5e29 |
| SHA256 | ce40f79585195148ac86928d18da80b963cc98d6feb83c1c2e75e8b6d6ef39f8 |
| SHA512 | 105fb01521fca054766d1d1e46cf3bf177b8bab44800f7bbad9a84f388af32e745474b3cc4f70c1fd779b4e7bcf0912502860092e1824f7ba4b52c612ba5a70b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cc1a304ff6c352c9911127d71256751f |
| SHA1 | fee0b92d742d91a633e5780b8066e31efaa627d2 |
| SHA256 | 0b58f946179a631463f1444028ac7de01f036b26291a0ae973bad369b22da331 |
| SHA512 | 6a71ce257cc3929658d56bf27b259616a2f2a61e9c7545a65c62d2c6772aad0bf98013471f10477de3cd98dab4c5f941fc1afcde3633580af9220ea0c2ae7e56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js
| MD5 | 0ebd938a36de3b21e659d189bf3f5750 |
| SHA1 | 48bf964b3d8d20b926cc358df6fc3298512aac05 |
| SHA256 | b79415379df0cab781ba82afee5be4af1f875d480fb3c5ee4415d88f188766af |
| SHA512 | 520a56c5ae7db6d3b66bbe865ecfecf6a3c4f37fa4f0143ec9f2c16cce9a3359672fb44f3688da5206b86fb7eb3af4def7a25bf8650e4e728fa51cf82bab6f01 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 81357e3ea1c472f4b5a36d54d48626a2 |
| SHA1 | 8eaf65d0db967c2db23100e87d22bcd16d24413f |
| SHA256 | ca5cb5d1a4052cb3f285541af19fc2da67b31c8360fe39dd9c9e9040c3826f9d |
| SHA512 | 1f8efe09417ce65a8c3e3527f02593f56f29745d321769bb4d78f8f072755b63b12c6acec538b32a955110a103e0d539e54b6357d952a89d36fc9a769d65c27e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cecb663f9733fd2047722a2349354b4f |
| SHA1 | 0791523f8f23d257e0b6aa7afeaa32666bbf556c |
| SHA256 | 33d9536d7fa04a3cbd3b300ce04e8694ff1b8e9d88b14e09b8ed2f3a0173c0ca |
| SHA512 | 6381a71351a94e9ee34395353a31a1d14fa3a0b607f7f19a05d1900a123ac2096070129b99b1a37f85d2d85312bb2e46b572aa851726f00e620124e2ea2a5280 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\1240
| MD5 | cb52be6eb94cc570f90934995fd1966b |
| SHA1 | 09d3c4fd0d0c3d2caeed9f3b799932ffcea809b9 |
| SHA256 | 408cd43c9644f743a082284c9c4da5b32bd63c4f4d9f0733faf56cc4f900dc2e |
| SHA512 | 602b624a922330adfdf5d54b4d61e116516812c4cad15d6f26040eac7189a6cc4e0c59516c1cee0a0a49e6ccf464fcad28e562547a7faf3055f09475824c9444 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 54a669d9b3c478b9393f74c61cac4f7b |
| SHA1 | 05f6f1de62a275f53cbff1b3894bfb629fc7e2dd |
| SHA256 | 556ef94096477bd32812d17e59f18f0331f5486c008d0349c8244e3584bf70ea |
| SHA512 | 9023e63568ff14c2dce2282458e7b2da9f76c2042aa1c68d956574e1fc8b6fa3c115911ca5284cab1d53502a838e096fd3e3667e249aabca94049ed8424c09ed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\24093
| MD5 | 31caa67af40da0605cfd9f5e0d05decb |
| SHA1 | 8a887266547217622c311dc6d9443d9ef69afbd6 |
| SHA256 | d572045f4214b55d9b85dbc199b9d0b6a6b9f203073a44fe07a41ac89349c440 |
| SHA512 | d5c655fda1da0a83d32ce15e304a44014e5a733b4584caf171e0b3b2674d26cc02411bfebcb8353f61ec3889c44afa729b8428b7479299d21e6645c47f32fb0d |
\??\PIPE\samr
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\2D826BD682ED46E2B50DA3AD49E455C6EEC72FD6
| MD5 | eb616e2e58ca35728eb3fc1185e68ffe |
| SHA1 | fd2f074ccf1282108b619c42c90bf01b76e6d7ef |
| SHA256 | a57c2a8522914b1fadb68d2f93c64c4bce25df0585062d6d703a84ed26ce8fe4 |
| SHA512 | e099595a491b36d533bdc1c836e3fcedf13480151666935e60a02f7837debe3cdca767f82419d910487a90d827f7e14c37c32476a972db43cc5201146fe33d74 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\BE3AA76B4C0728ECF10B6708B86ABC71DEF4CBEF
| MD5 | b543b35d7f0b29c77ad2b2a816250c9d |
| SHA1 | d13470243ef22b886612c99a67efc26c2223cd9a |
| SHA256 | 9727bb871315e3c76d2d80a48a38fc1a4993f316e320804ffea60b585c02d338 |
| SHA512 | 33a9d46b53834a1d9ab886803137d398408b17ad1f0aeb25a05a6d9be26193d1de1ce40d08667b4c55eb3d87d8949a7f402b05c58a4b2bba7174479549bf19d5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\3D3F1F296CF2EDE2000E6227853F7F1B2F793A08
| MD5 | c0f78cb58257a44c107fbad293eb155e |
| SHA1 | 16305c8a17d283e465e5aa5443fd9122afb82694 |
| SHA256 | a1a36832930b64baa6a2cd5ba15aaa3089d7bc8b78bde92df980cd62dee2459e |
| SHA512 | 35b9761ae7d8a36898d7fc03845da31d80d5de8dcafa30282bcc267a3f69ffb6ecf3d5892927038e7c776fb505f0cae3f0eeb6e895185bbd281aebfb5ab07aed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\59957580E61DD1378D2D8C46F5294E6969D4C481
| MD5 | 48502779fd043188e1484ed14dc8543e |
| SHA1 | 84b038b218f421e8420a242416b6fc32299b7cca |
| SHA256 | 0892f75470db23fe5f5f8aba47b65310bab471f4acd637ea182ddd61c659d6b9 |
| SHA512 | 397e71ba3d39a5597eba2bec0c438773fe87852ecc18dcf41e382a7d4513cf19a5026f7791e6726ea5b4948f9c4e8410853a975fb533380fe9adde1e829709f0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\42090F11E10AEF67CBBA301A406EA7F25E72199B
| MD5 | b0469f82967753509e72e18a1653caa0 |
| SHA1 | 6a3dd7c638e43fcd1b7d775a5569e0b0e4c31c68 |
| SHA256 | 250738717a8b4552c2e95298bc2d5ba20260910423b610f5f8616939756bda36 |
| SHA512 | 1fcd3c384eff354ab130fe8976e7693848041024d702d21052990bc0dd81619066127712337f6b47e7ad408bceb7d7088b4fd9c62d99566cdb9941d61399eca2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\B897D37DECB60F4D69A69DE73F05F39960632B77
| MD5 | 560daaf65219ae3413aaefa33f129543 |
| SHA1 | 4a84708732db2f6d455bc229dce3b4b244257a00 |
| SHA256 | cabd5953420c27fffe427d035e92aaaaa9d217c8ce1058068efee8a645e38ff6 |
| SHA512 | 276194df1afbfb2a88c5049a89da92c8382a2d991342a61dec6eba20beaa1cb9d32b34b144d3ae65019fd4c1c380571c4fd4787a05339218a4be28afb26101b3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\5546
| MD5 | f674d03798a8bc2f840c069e109de9f5 |
| SHA1 | d51a4cb540778213247f1c2a84f97ba830ebdd07 |
| SHA256 | 3d2a60a9b6250d5389e8e80dba75139130a6521de86356410eb1e3188d2c23cf |
| SHA512 | 5339f0dd2e7e3c873420845e2f49aa2b3beaf307302d9adfa0a1fc9a4eb6e5c0227936fb38da9d914dce42c7c67bfb02bc9ea114e79dbd83079bd79e3219970b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 09add78b7790b8f78152adbb7ad2d8c1 |
| SHA1 | db060b406808ac05a8be6423237f1d1235efb62f |
| SHA256 | 56735113e3221754ba4eca908cf7a707b95e4cbbe62629a1206cc6e933ada69c |
| SHA512 | 17d037b48d401752d512e08e5629490fce0b4bd42da98b5efa642be0c132cd7725a51ea26ed011292fa747bcdfc586beeaa5e81bdf4bfb873448e0695ce57742 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\1D0B56C0D1378A8AE4E6D8F2B942D96BFECDE10F
| MD5 | 10a137f3c57ec3b73a3c3bdf6e985da9 |
| SHA1 | bc09d2f92af0d6d76d5e1602e201921abb417778 |
| SHA256 | c45068ef470b2ab70100fc500144614af0e4ee8df6f0a6653bee817bbe661f59 |
| SHA512 | 371c34c1f8df79f6e2d385d2bc69dc68d976313874d5814cfae99a997a5b8c55c3d1b60e2ef5f197449046cb438d6ac6a1c85cb8a88f2d040221484157b345d4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\17872
| MD5 | 704ce6db346f652c5dc8f54e2c3daf73 |
| SHA1 | 7e8dbdc2f5158e47efc7aa51d9113a4f18b4f691 |
| SHA256 | 8a98164503b7509ab261e0ead76d6d034f0b53b83c1819ed486a9fb70c1b1e72 |
| SHA512 | 60d2e4b93fd49cabc1cf8de42ed057912161ee8818e0ba6c010a0b648392a17b0cd279bcb7bc21851f99fb4fb6177f21edbd4157304f27f3cec8fafe513c3f7c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\F2961089FC520C0BEEB7076957617E2A6D0A2821
| MD5 | a13dd7f04c2c0086bd09d35a7c159cf4 |
| SHA1 | 4d85a78e37b3bf001d30afd892eb871b8d04c9b5 |
| SHA256 | 750339db1611bafc49080c9ef75e6cb2e36aa5bcb11e96a39850a6345da782f9 |
| SHA512 | 3224372a45b776b7a477bcf83cede9013dfb6946eae6bbe799bba4879d711e236bbd86842030810915a85b1f752ef07aed12b8fc67bd5909595b66a569acff04 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\97
| MD5 | 12a022983f7deab5cdeabdc35fab85cc |
| SHA1 | 6492e046a203e8df40b2541ab93d68332224e538 |
| SHA256 | 67bfe4e4d19e929aaf615a56f1788945191314db5255398cf53d376d0c4c9127 |
| SHA512 | c3fc9e44268885c16f36efa2d23f9b4d9169f2389ab0c9acc3723ba85da22ed7d2f9716354a700dc67e9ba38f02962c0f83d69145bbf4f9c50e08495caf5fd85 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\64101EC468CD330E379A5B8013C7D025226963F8
| MD5 | 8d4d990cb3b5de58fefc26dfeb3c2eca |
| SHA1 | 56f042091939cc542abf7f54c677cdc7dec0ac5a |
| SHA256 | 909f2365afd929b86369d785f56945b01d7ae9b981bbe4834e68bdb214d7c33c |
| SHA512 | 27af14ee8e9b9ff8cd6b89b009385d0be1cd8b9032511b9b94efb87dcce52378f0d4abe273114259cc0c3b81f7eb31d893539f327fa9941474c6caf6b3049bec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\5379CDE20416283DE4100B6E9A1435B674F7FB65
| MD5 | 089430f63032a13beed869bf205f5b48 |
| SHA1 | 77ed681657ee590b33913d14bcaeaa0b37838ef3 |
| SHA256 | e6f81889ffe72485de28f9b96830f58f4ab950a2da53bb039b0f28f7727f1df1 |
| SHA512 | 1900d0116ed1efaf51dcf4a2b4d1ab30db64b638c5e78cc16f6238e403c1036cd98e5ea9e50db904c6cd4fb31270dcae5ba7cc8836f06a35e9763d6029879054 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\F657C3A323FE459389995420C687A7062F262C1D
| MD5 | 42b35e85f3a3d06548e9073f3e6bcf0c |
| SHA1 | 8c6d3ed7b2e10e262a6d5fe14e83f4fe269b2a29 |
| SHA256 | 57fdf3bd6408d36742f07e60833c99c5617dc8fd89df51f35e043c5861d222e7 |
| SHA512 | 41a4b33270690ef7905df34dd0b6c402ac5cd676a0b928752160a01e7f66d11df2caa8190c981439f8dc13f1cb8e27c4316e709ea83f1a507f48f98d78149a47 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\30621
| MD5 | 475bc450e32ad5f7719d54471d71f670 |
| SHA1 | ec555ddbf7dc69853e0779bf3bf77906efcf1941 |
| SHA256 | 87dbfefe73a2163bc006c4cd08ffb9fb24ced354483069e9f33edb62c4c93820 |
| SHA512 | f5343942be79ee98692eded65b98e52177b678579679c6c50351d3b8b3de1f0219fcae7222cd0c75df7198dfbcda7dce909e9c10a32fecdf365780e56fbd01a3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\5BE1A021430B86174FDCBD623D7BD726CE2E27D3
| MD5 | df8642571e08d9663d8a57484fac965a |
| SHA1 | 551543039d34a44cf119aa7be8b111c176b3c8e7 |
| SHA256 | 44fff4b1de0fffaf0f135aaff88e97b82c65c8e31a0067cf2b443905799dbb05 |
| SHA512 | 848c556b4278312f287293292548498bd87a631d5ed1e8fc5da788cce17e37dbac3918f8cdc792a47b0f14746798149fdd3624aa556552b6c7355856058036df |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\11376
| MD5 | 41cad341768293466c34e744fd829342 |
| SHA1 | a1f757e2f9e2364847455d6268f7a4680b980efd |
| SHA256 | 4af12caf3f9450e22ad3464b36489d2db4bd73ae9d6b53b39b1f5750b8c1de61 |
| SHA512 | a88f8f249481ce34275ba00841af59ae292911b4f66eb967bf8aced2101d961f222b6e8e4b1a92d1df09a2b9ef34efa4c5e541463ff51f157513edee3218d491 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\10755
| MD5 | 38eec43b968e381a7f6220fbf887f87e |
| SHA1 | 9812b3975638ceafb5e21c2ecdc79a432e6ebc59 |
| SHA256 | e8cc4d759ac06cbd02ecd63309b5b6eaef693e84527da8a5c6ba42ce1e51962b |
| SHA512 | ed31cf8e9a971eace2c14965f4699eb510db98e31759c892894baeb766ae3384b5027af57927bb1eefc1cea2bf479561e7ffd3bb528a03450856f7f7636d78b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1ef65542c0d571571f2fc6914307744e |
| SHA1 | f797c25763de25ce328abb2a8399160a449ff343 |
| SHA256 | 7ae50566e0aa394abf4ba801c7acb446c346933b1de594e8959ef6565195fca8 |
| SHA512 | 946206265e6c664806f22b2ceba070fd0c292505b0385b0d0a8ca9b30e96ec05509829c4b0e054cf8a358f701195ede7b7dfd5d8c379394c73644c7fc635e751 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\9229
| MD5 | d5d5e4ad0fa1c81eda4c4083c10dff06 |
| SHA1 | f414ca4802fdd5647c85f95959943563921283c4 |
| SHA256 | 41d01495c8e31fe16663803b15304828c6f8c3f1809fb7e9b453082dac909e89 |
| SHA512 | a72bf1ce03266cf6f2e1b056a39446c49cdb55f06c006d931d3fd344f89acc68add6db30d97bda24fc16c3c4395c2bea2ce0dfd062013c735c3f07fb4d434dfc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite
| MD5 | 4ca6700cd6294bfba2e41f9824da6993 |
| SHA1 | 217994bd6811d4a811077c10f6c341d97b6ba6f7 |
| SHA256 | 7f7f1665ba64f4c2adeae764bdb8bcdc21839d008d5221141e3489a012da90b9 |
| SHA512 | 69cf4942035756765bc9560fb4f19ff771c656bb8761f9ed1abafd8b683f8c33f6e53673c07535a7b13c5e9f0444b929a76c91dc3f001135abc282753abe156a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\04B9F0FB7C466980A18B81686266C55B1664430A
| MD5 | 1b750176fbdbdff1664e81127441e136 |
| SHA1 | d1a47a17a2e3c0692fb1c261d6b60d873de85774 |
| SHA256 | 223035df2d5c479e5f6130b72c51b751aefb1e0008589a744006fce1044b5da2 |
| SHA512 | e5b080fb840d6748c6b92d6acdce0e58eb9814f4f51bf0d6f4af95fd6293d074d447e037f5e985ee8d909954c2655a92625bc083528b5fab9eb9941c2c390504 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8
| MD5 | 70fd63101eb0afa52312dd131becdf28 |
| SHA1 | e81950f9d4a0cd04ef589c6bb673c35b0a030d54 |
| SHA256 | 197bfb003e6392e328370f487b144a135d29498b9dd425538b9ea4c243df9c9d |
| SHA512 | a44cecafe6c8e4821ce8e0df01995994d31510c7be5a36f9293c5eac20b82b20a6a37c3666a38d2d566ea79aaf63cc79a798d1b327afca076221e9485e48687b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B
| MD5 | 326b7878736f0f30c9f694e92d6669cf |
| SHA1 | 194176696e23a6c85a404b472f975f2fdc025c16 |
| SHA256 | aa2a3ebf66a615042d8f28ba15763b6b9c880405ccf2856b41db9bdf8311c35b |
| SHA512 | 3093c9d367b09598e4c3f3acf800edd530d0040d86ee8e2f1949a9e43f065ed8ab5a4457c93b80e2f9fb9dbf8fbe4d41ddb28a156ff7369ecd5df5a551e854f1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\40E8C923BB1C8C27A9A2C56763154C34C2A5732F
| MD5 | 2aa150a09ea68fef115417775e5e8077 |
| SHA1 | 0d9d4520761fdd9a790228ccaf433c5806b7d8fc |
| SHA256 | 4a6b11028e954552b4232fe881324f8575035cb1e1d4c0f465370a73add67835 |
| SHA512 | a4c12f6adcf6d1f11155f17e448ff396c6599befa7e04ebff653aa4e0851be7cf45108607285320120a4d6efdd320864f5685121d79062736484abf074215b57 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 533511f970387a6c72d7933ab858a59a |
| SHA1 | edb5628533e6ef5602c6ae51728dc559e76502bf |
| SHA256 | 99966f212a27e61f93d56c9bf23f37d0828a5eca4d33859dbfabd8667a890e39 |
| SHA512 | 720b023095975c8a11ee37a209124df86cc95c9f37976e37e618d277f7795bdd88fee2762d965879539b35a20a8ad91b5f4a0e34f9a1d3036634a2c829ce17d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\12812
| MD5 | cbde0edebe1e597ca3369bdf53a8a0ae |
| SHA1 | 7a8af1e8379fc72b123a7c84415501c12a84a643 |
| SHA256 | 9a7a60530a1767f103aa18bdc15749a154d122e7154e262433effabef833b115 |
| SHA512 | 2837dfba85b8943b1cf950a5343525ed16308462c2a34bf8e6084fdb4db4e9fac1c3a8935f216db1e2f9536b9d2a55d328f0e7d31437b5db0afbc862833b9da7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3fea86b986fd98334d6169b9e26bc1fd |
| SHA1 | 70a2fa48f94bf4424b2516355beae46d4218c422 |
| SHA256 | ead98a9ab340acf3a55aed34ceee54ae4927f223123a0e1b538bd62a04d47f90 |
| SHA512 | e23fea607c16240598637d996274fee0913e90b2cc60db95c4fc58d2a414ad8a4cedb53d7a807756eb8d1a569cc4ee2998837ff73a19ef71a5d968b3e139c63b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\13616
| MD5 | 7bfd400b3b523b4cd8a8fd197bf8f114 |
| SHA1 | de8eecc1d4ac4f42630101f4cb0e9c51a4be19d7 |
| SHA256 | db07d6edc2df815edf634a89de5c96454473a4106f1902ee7d75ef9b233eb5e4 |
| SHA512 | 86a217b12160076f626d3953541100799d24ce35451847eb6eec647ee7eacd045ad63d7ddd83539e64d6fa6a3b2e3f6042a4428106c63a3ee48ea3a50b016817 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\981ABC04E690674FD1913FFDE6DB2B609BBB07FD
| MD5 | 352e28dcda75f7f3f9e0068e8a07066c |
| SHA1 | b12762f522b22f20c3cd5523b1f7db3a27afd243 |
| SHA256 | 75a5e4c7c66b7999ea7ca48cc36644ea4fb8034b4642ebc0a3a9ec104a515cfe |
| SHA512 | c8319fc2fb0bd733eb3fe628e851894b71493b78481b647f1fb1422c37f8444f3f3119390805afaa020f27cff6bcf49e193d91d6df399fcf140cf4e0ed4337b4 |
C:\Users\Admin\Downloads\clippy.56fAkmfw.zip.part
| MD5 | de67e283d03a38f69d38018bbade93e6 |
| SHA1 | ce54cfd07c39101779278b77828441f56aab5875 |
| SHA256 | 3d0b9ac29230238856f7680192caabea6b42da41e767aa7e8a1923afbda45daa |
| SHA512 | b6ac40c4aa184d22e75650fb7a91489d1b5e0a8a02ba48fe26894f358f1e1138d96adb7fdc6d8f5c6a0b34bd1e6b24f1f2eeaebd08531c6f78ea1d73cd867693 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\downloads.json.tmp
| MD5 | 3ec37d05119a8c5568eec74c374aa3a1 |
| SHA1 | 9b275f6e65182b3db404690c72ff3238d84a3866 |
| SHA256 | 73583c604b0891778cc8b446a75f3c5d724fcc1638149aea950549454bbafa2a |
| SHA512 | a7ccbd1bcd57f30159c609aaf19dfb93b0120a2c0e21bcc2676f01fbe65fcb6dd721a09eedf0738a4a14bd57f7b50812cf6ce62a35d86266c9ef40ef83b0a0e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 76cca890dc823ca60126697d02ae7f0a |
| SHA1 | 925c5be003f0b1f8d571f65202fc66e61be16a9f |
| SHA256 | f7ec756b92cdd10bbd6220bf46031a08957d0623f5942667644617b4f45b165a |
| SHA512 | 7c946e0618f60e19b2e41d57685119cb2021daa2878c90f0eee9df1c5088f0a8a36eb1a1a0fbca4cef151b0e37adbd9b3400b40b507e4f3ce6aa77695a8c34b5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-10 19:38
Reported
2024-10-10 19:39
Platform
win10v2004-20241007-en
Max time kernel
12s
Max time network
10s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2edb0920-5a1a-4c44-b256-ce016238079a} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9064a3b-152f-46e0-8c06-f9910fc9f884} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3068 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcde7bc6-0200-4914-897d-4c03149ac808} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 2 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e7730d9-150b-4f93-ac02-dd91dfdd7990} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4668 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2c19cca-b297-45e8-bf73-aeb3e219e9e4} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5032 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bfa4b69-9d58-4376-be3c-d9af76335e4a} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 4 -isForBrowser -prefsHandle 5772 -prefMapHandle 5744 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c0ddde-d97f-4cb3-b5b1-7389e07a9f79} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5892 -childID 5 -isForBrowser -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68f85973-1a71-42fb-bbb8-a15b74a87fbc} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 6 -isForBrowser -prefsHandle 6108 -prefMapHandle 6112 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adc78030-d3c4-42be-b3c6-a6b0336a3f95} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:52419 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | maps.google.de | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | news.google.com | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | www.google.de | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | maps.l.google.com | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | news.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.de | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | maps.l.google.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | www.google.de | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | news.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 23.148.238.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:52426 | tcp | |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | a33d2de0f4978eb4d4f9e30fc067ae41 |
| SHA1 | f76eb9bd2a88bb34097f66e0357f49b924d5d894 |
| SHA256 | 7cbd31b9bb6cb57cc31566ec8115d8b433212da82161e24039cb4a238b054502 |
| SHA512 | 9b80806153160e99184715f60718c3135c39f6819b481520a6d1d52431c7d784365efd9d830f2029e405a0996659adf15e19a09e02719dc81eafdf06b52bf437 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\c667271e-bcc8-4371-b741-79eff7e26345
| MD5 | 114c0b0424cc8b6f0b719cfdc9888d1b |
| SHA1 | afb3f94e653422cdafb67f4ed37914c724e87484 |
| SHA256 | f47fd2c07d1b75fc1e7b308a210aee12e2b6a065a991cbcf423e90da94f1b3af |
| SHA512 | 0197605dcf5c689be6ad29af0a0ed1bfe83e5d897937abbcd3e0d129665d77a5369bf20651394763943ba46ab9ab39343ef3688b4789c78086911a0c8871189e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\4f297481-d90e-49bb-9c10-cf190db4a9ba
| MD5 | e804a17216a926e9eca02c9b2edbbb0f |
| SHA1 | 64ad1696e87b5d09bb679e51cd1494b7fa981ef2 |
| SHA256 | d83e6a50e783a72539d2cc92c6257e47dec2a91c64a26bf4f6a8fa7b71273a8d |
| SHA512 | 46bb35d5f5c3966c3f6eb253530e649e3359152d39b4561e6854f2d3d8551c51b2a728319d22a9cff6adbfd602bea17c0acfd27754856b6ea693a9808f13354e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\afeee2eb-48ec-4a57-a36e-b367793f09c9
| MD5 | baeb008372db4f4fb7e70b7a0c1c2658 |
| SHA1 | ce5636f9916448a4f769046ae5c30d7ffb9a68dc |
| SHA256 | 10c3e2a5d293d8558aa7bcb3454078bdb4dc8574f9c5663e06df5fa3494cb290 |
| SHA512 | 850b75682c81c456bf0310a3234d54fecb7f278febaf76aaa8df4f356394a6e4f7df3f09cda88dcc952943ee709af0f41dddf2e470a429a0a764393683e3b12f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9972e44edb70decbfcb738f8f1937543 |
| SHA1 | 9776ae076aea9136a648ccf86dc1116477f5fdfa |
| SHA256 | c6c4468d0d572d2c8d86726ca8dac45e8b0c76947c19dc2c74a3bd85f5dc3ca8 |
| SHA512 | 6f124955b17057aa50dfb0a1d161f9d165ba87b3b7a916738e303ed63af70209451eb1233e99c1114741df305dd605ccbb9630448f04794f935855aac3851719 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c7d21499c8bf595a2184ea3a8f92b87d |
| SHA1 | 2af0c793c598c3f6bde7216babfb468bcb7ee21a |
| SHA256 | 60e3d680da87c828f7b02ec7f1ea3665d03346aa2c147c547a4626eee1b3776c |
| SHA512 | 58e312333040d303a498393f485fa535c00894a07bb25280f8a7f264504847db28619d7ce55e81d914cce818ce981097d37d1ddf390379384df3f2ad7cfd55e8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin
| MD5 | 6c629b9f1c9c6236b709ebb18dcb2019 |
| SHA1 | bbea2a4daa4761e460202d696e0df70c3101ff72 |
| SHA256 | 35e932cfd47f2ea7da2389dc824c634056c88454f23e9c2d6744fc506577c057 |
| SHA512 | 381f8c84f91525b4a2cbfbf673aa706e81d40fdf6c57fbe61d3cc338b081eb0659caf84feb8e30bcfb913570f12e843d4b39334e53bbb85d4ce0c6d8206c4b30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js
| MD5 | 24217d6cf2c9a98118138bebaa44a8f6 |
| SHA1 | 69be412a8926cdaa9bb481357299b91eca3cf2f2 |
| SHA256 | 074f9a16a34ffdb8a1c8bd38fad94f0f283c8dcca4287f17d8a6c7c89513539c |
| SHA512 | bca8bb9b1097adc21c95b7c8a91fd6b8459deff5857f475f7c726d0168d2ce6a30cf3b7aa8a736a870adffa2a9dfe4ab665cdad4d16b399e66c17bd241152f93 |