Analysis Overview
SHA256: 3e3a0c2cbb2fe6b325f14d2c0a353647dcda20c3bc46d0e8da959ed47b702261
Threat Level: Shows suspicious behavior
The file sample was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
NTFS ADS
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Analysis: static1
Detonation Overview
Reported
2024-10-10 19:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-10 19:41
Reported
2024-10-10 19:44
Platform
win7-20240903-en
Max time kernel
121s
Max time network
143s
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-10 19:41
Reported
2024-10-10 19:44
Platform
win10v2004-20241007-en
Max time kernel
144s
Max time network
156s
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Bon(1).zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a0998eb-c002-4070-a153-28cc7e16a013} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22b1f2be-c0d5-4547-8834-0df58653518b} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2824 -childID 1 -isForBrowser -prefsHandle 2820 -prefMapHandle 2652 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1b54f54-e7bb-4e1d-bc96-fc83ee3f44e2} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3324 -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 2728 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ad6a67-741a-4241-84f0-98530ec51bae} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4704 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4676 -prefMapHandle 4684 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92cdc8b2-2ef4-4589-b932-8168984387d4} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 3 -isForBrowser -prefsHandle 5560 -prefMapHandle 5556 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f218c477-10ec-4b69-84c0-0c5e7172baec} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 4 -isForBrowser -prefsHandle 5804 -prefMapHandle 5788 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {065069b7-28bd-471e-9e65-375c45cf1ba9} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 6020 -prefMapHandle 6016 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41ca56d0-88f5-4d80-9456-2e60dc818be3} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6116 -childID 6 -isForBrowser -prefsHandle 6128 -prefMapHandle 6132 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {337a5ad8-e020-42c0-b988-675a7fb4ea17} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6524 -childID 7 -isForBrowser -prefsHandle 6516 -prefMapHandle 6512 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7f56324-6423-435a-9c32-cdd6273b132d} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 8 -isForBrowser -prefsHandle 3080 -prefMapHandle 6864 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67314e20-0a31-4f2e-b22d-19702b9cf7e7} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -childID 9 -isForBrowser -prefsHandle 4456 -prefMapHandle 4588 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ada5aaa-bc80-4e09-bbd9-9bb079a510a6} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6684 -childID 10 -isForBrowser -prefsHandle 7368 -prefMapHandle 7364 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc771383-affb-4cec-ab1e-c577753ef38a} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 11 -isForBrowser -prefsHandle 6088 -prefMapHandle 6100 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02637284-ee44-4696-ab90-68b64e377db4} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -parentBuildID 20240401114208 -prefsHandle 5584 -prefMapHandle 2808 -prefsLen 30614 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1302adf-108f-4bad-9639-ed01c1c067c9} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6056 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7800 -prefMapHandle 3188 -prefsLen 30614 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddf4bfa6-8d7b-4aa3-bf84-818f95f4ed53} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7756 -childID 12 -isForBrowser -prefsHandle 7784 -prefMapHandle 7780 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5d59261-1033-46e0-baee-34e804a1f2fa} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 13 -isForBrowser -prefsHandle 5792 -prefMapHandle 5896 -prefsLen 30614 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4893ad55-339d-4759-b102-8d32e5d954fd} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7940 -childID 14 -isForBrowser -prefsHandle 7952 -prefMapHandle 7948 -prefsLen 28080 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d4fc3f-9a7a-40e0-99d3-e323ca03d22b} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" tab
Network
| US | 8.8.8.8:53 | 231.71.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.aimtell.com | udp |
| US | 104.18.4.165:443 | analytics.aimtell.com | tcp |
| US | 8.8.8.8:53 | analytics.aimtell.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | analytics.aimtell.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | parallax.askmediagroup.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 151.101.130.114:443 | parallax.askmediagroup.com | tcp |
| US | 151.101.130.114:443 | parallax.askmediagroup.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | lss.ask.com | udp |
| US | 35.175.99.80:443 | lss.ask.com | tcp |
| US | 8.8.8.8:53 | 9e32beea-lss-lssserviceing-4156-1460167234.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | 9e32beea-lss-lssserviceing-4156-1460167234.us-east-1.elb.amazonaws.com | udp |
| US | 35.175.99.80:443 | 9e32beea-lss-lssserviceing-4156-1460167234.us-east-1.elb.amazonaws.com | tcp |
| US | 35.175.99.80:443 | 9e32beea-lss-lssserviceing-4156-1460167234.us-east-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 80.99.175.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1kbztgrksg.execute-api.us-east-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | beacon.aimtell.com | udp |
| US | 8.8.8.8:53 | beacon.aimtell.com.cdn.cloudflare.net | udp |
| US | 104.18.4.165:443 | beacon.aimtell.com.cdn.cloudflare.net | tcp |
| US | 3.219.226.21:443 | 1kbztgrksg.execute-api.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 1kbztgrksg.execute-api.us-east-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | 1kbztgrksg.execute-api.us-east-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | beacon.aimtell.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 21.226.219.3.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\05f12669-8588-4f1f-baa5-9852d5b30ef9
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\c99cc180-d5b0-492e-90f5-121fec10344e
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\9cf452a3-3597-446f-9a3e-28aedba7d01c
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\SiteSecurityServiceState.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\E341BFF0045E3E4548552FF65C55A11E31024F9D
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\default\https+++uk.news.yahoo.com\idb\2699850710arretvircelse-.sqlite
C:\Users\Admin\Downloads\Bon.IbAJ3fGQ.zip.part
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\020F18A642442B8CF55FC8BD000D018C2ED7B610
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\default\https+++www.ask.com\cache\morgue\146\{6aa27784-e54c-4d90-82b5-cb0d37bc2992}.final
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4