Analysis Overview
Threat Level: Shows suspicious behavior
The file https://donorbox.org/onestream8 was found to show suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand PAYPAL.
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-16 01:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-16 01:07
Reported
2024-11-16 01:11
Platform
win10ltsc2021-20241023-en
Max time kernel
125s
Max time network
119s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://donorbox.org/onestream8"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://donorbox.org/onestream8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fc5552e-b433-4bd4-9e00-8ade30fe0711} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a0f14da-218b-404a-a8f3-a575b09a4f53} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 1 -isForBrowser -prefsHandle 1444 -prefMapHandle 3360 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8272841-b579-457d-96df-700aec3acf51} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3812 -childID 2 -isForBrowser -prefsHandle 3804 -prefMapHandle 3796 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a55a466-e00a-46df-a280-cda94824fdc5} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4644 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc205b41-4d57-4c89-b7b5-68b44030686c} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5324 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f86c88b2-1953-47bc-8e56-86c5bbaa3a4c} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 4 -isForBrowser -prefsHandle 5344 -prefMapHandle 5340 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6129fc13-93f1-4713-a5fe-6ebe040f458f} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5476 -prefMapHandle 5332 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67d21aed-08db-42ca-a54b-0c5c4204f0b5} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6000 -childID 6 -isForBrowser -prefsHandle 3508 -prefMapHandle 6008 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2555e1a7-1e1c-4a93-969f-40e02c57b7f3} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6184 -childID 7 -isForBrowser -prefsHandle 6116 -prefMapHandle 3508 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ffdf20-058f-4add-bbc1-443ef0359163} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3472 -childID 8 -isForBrowser -prefsHandle 2572 -prefMapHandle 5088 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63bef66c-6131-4eaa-abca-e95b9f202566} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:49740 | | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | donorbox.org | udp |
| US | 104.22.50.249:443 | donorbox.org | tcp |
| US | 104.22.50.249:443 | donorbox.org | tcp |
| US | 8.8.8.8:53 | donorbox.org | udp |
| US | 8.8.8.8:53 | donorbox.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 249.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 149.234.200.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | stripecdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | stripecdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | code.getmdl.io | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| GB | 172.217.169.51:443 | code.getmdl.io | tcp |
| US | 8.8.8.8:53 | ghs.google.com | udp |
| US | 151.101.0.176:443 | stripecdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | ghs.google.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.169.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:49749 | | tcp |
| US | 151.101.65.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| BE | 18.239.208.87:443 | static-cdn.hotjar.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.67.1:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | paypal-dynamic-cdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | paypal-dynamic-cdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| BE | 18.239.208.36:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | 87.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.67.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vc.hotjar.io | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| BE | 18.239.208.35:443 | vc.hotjar.io | tcp |
| US | 8.8.8.8:53 | vc-live-cf.hotjar.io | udp |
| US | 8.8.8.8:53 | vc-live-cf.hotjar.io | udp |
| US | 8.8.8.8:53 | 35.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 8.8.8.8:53 | d1tcqh4bio8cty.cloudfront.net | udp |
| BE | 18.239.208.66:443 | d1tcqh4bio8cty.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1tcqh4bio8cty.cloudfront.net | udp |
| US | 8.8.8.8:53 | 66.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 35.81.89.16:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 8.8.8.8:53 | 16.89.81.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| FR | 20.74.47.205:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | cs1150.wpc.betacdn.net | udp |
| US | 8.8.8.8:53 | cs1150.wpc.betacdn.net | udp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 151.101.65.21:443 | c.paypal.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 8.8.8.8:53 | dualstack.paypal-dynamic-2.map.fastly.net | udp |
| US | 151.101.129.35:443 | dualstack.paypal-dynamic-2.map.fastly.net | tcp |
| GB | 34.147.177.40:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | stats.glb.paypal.com | udp |
| US | 8.8.8.8:53 | dualstack.paypal-dynamic-2.map.fastly.net | udp |
| US | 8.8.8.8:53 | stats.glb.paypal.com | udp |
| US | 8.8.8.8:53 | lhr.stats.paypal.com | udp |
| US | 8.8.8.8:53 | 35.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.177.147.34.in-addr.arpa | udp |
| GB | 34.147.177.40:443 | lhr.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | lhr.stats.paypal.com | udp |
| US | 8.8.8.8:53 | lhr.stats.paypal.com | udp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 151.101.65.21:443 | c.paypal.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\be627361-a774-4d92-98a2-ca70f2a82488
| MD5 | 9b61bab5626fbbd1dbe209a020a17ae7 |
| SHA1 | b30b37a3cd013bb25b513e228bf90b40b116c017 |
| SHA256 | cb945a8991afd059a1b6d605df076cea2a4843827d320a0588ac1b17f3d56c94 |
| SHA512 | de71e216a634b744fe3c3512a6580d1bd9dbd78b279646f5ada55322a1759ae1d04d4bd2020935c3b78453e00f12bf5c8a4b6b94adc7cc0ca5ebf6d7f6d52a45 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\6c316b98-4064-4f74-8d46-47ed3546988d
| MD5 | 31bdc3e8c38bbe6754ededde94deb257 |
| SHA1 | 117706c4e2f77d6696fee477b98903d3bc082f3a |
| SHA256 | 32fffd0c97909ff394083d15a94e88b70bd2634dd0e2762194f6274b321cf51a |
| SHA512 | 914dcab4e4f3acc046fc5c21849a533b1f749bdc7aa7fa2a5b135b6fd95dec60189f8f48242ee505cfd8894f41539c8b79e32d5db66fc8b31ced714fe87afb32 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e0b7e5e619993cad3473cb40ddf0484c |
| SHA1 | 60393477f22910b4782655e079b4ad44cbc5514f |
| SHA256 | 18f1eb3db2b9c4bdc153f088c02161ea1feed2fdbf75f727ca93c7f3bad4dcdd |
| SHA512 | 38ce69aebd2d604ab9abc0f919be049ce8cc5b9f610975295405d83993d8cd5948df71d5e2431907e4992bc8470deb27b5b861419a423ccb1741255777acd9e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs.js
| MD5 | 0b22b4764631d3508e814aee652d1d5c |
| SHA1 | ea4722cfff0fa88a20e8e29837a6073da67af1e8 |
| SHA256 | be99a1b941c6ba0aa46ca250387dedeb3b7b7de357755e7910b21039bfba53ab |
| SHA512 | b8e71eb5f4e19fcdd98730e24162f4f81b66c8634666d5a80f4991d3a43eeeb6f95659b91c418a5a828425242a3cb8417d6400b3a08cc21d66a8a0dae07f29d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin
| MD5 | d5e7e5bc7940502eb23441b9d1bf2e37 |
| SHA1 | d6deb39c54bd670b9d356905937c042efa512a88 |
| SHA256 | 192c83b32ef2bb9e0eea5dc8d3b3d281d22a384e873beae91de901a71a33fcfc |
| SHA512 | c48c1e9910735b2f9f627a134725a6ddb0e9374e32242819ecfe488e816419564a97d5a70f092e4dc067d43a21ad9719544e449fc32b5095c71c44a3b3e5704f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d3d0449b031f70c4ea205bc755ad5c4b |
| SHA1 | 8f47a68b7d73fe8799231fda0d5137b59c0dfd9f |
| SHA256 | cc7d8dffd2c44ff39765ded0e65d6830878858ce7c33919e3f9f879c641919f0 |
| SHA512 | 15e3cbcaa58e573fca68a48afcc7f6f3525803cbcff8f83b60e0ee2e237f1c64f0eb1eea4d6ce4c64e8340cda83d62dc23d937c4cdbb869a1bcf89235d893950 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs-1.js
| MD5 | cbe26248cf0fcd510963619f78847463 |
| SHA1 | e2620db4dc89ea14604c8aa724a2dcbaa8668641 |
| SHA256 | a6f250d3bbd030139a46fa6a1ed7659ecbfac67fa8bce66168fa4e7fa1f5148b |
| SHA512 | babe62c33a506fb2959658b510a3329ff879c7114b7230ebd30cbb21038b1a370c47a1fb59a6c61ce0aeb42a5eaaaf88b32d325f95f2bb3310c0751812db1499 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin
| MD5 | 381cc8a9806388342e2dd45ca14fb52a |
| SHA1 | 1d4fe3e747057b1692761be3bb045a382b9b7428 |
| SHA256 | 3506fd60fc963ebe46e9fc455519e5b75d4adafba647be498f97db4060d64aba |
| SHA512 | f25363d227b5ba4cc341a8d86c3c7c9089fc6784bd468e527feb1c48b036dcfab56cda3f92ff8d2aadfb50af600cb92f7a39ac72783328da696bb0db327dfb9f |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | fb7521fe06eb5f6616ff294c0ac09b5d |
| SHA1 | 6b0aff7faa62c29e2f25959dd42ec06bf0f1187a |
| SHA256 | c87d1eac7b0410cd9461881a60758cddf6fa55c848e452f985de22ce2805d707 |
| SHA512 | c68e98c21974a0dc1d7a18f925b109912ddffaadb121c3e3ab77a37a783e1d915a43baf9dd1030be55f29e2ab0a8831497aa9fb4e1de88c084a4e2ecf675b160 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\cache2\entries\FAB526ED156BA5829F803AD075592261B1CD4CFB
| MD5 | 39f3d554d5f1b14c46485ab6abb9f032 |
| SHA1 | 40b2e8a30f27b68f94160ddbb04863b92017b72b |
| SHA256 | 76f67d9bf2134769757619beb214b655676195c95f6ebc29c341fbbe438c1341 |
| SHA512 | 931c03e88846e776b0e3c14ed5e50b7cb5ebeba6073a7b7f9bf81e784db8f3b4ae355af5d5a7ee0a863238f89909e9723acc1f24b132b540b9f2824ec1838bf6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6ca91b23d0cda65f4ad39b4a4a057e1a |
| SHA1 | 3e011b8a4641200c2169199a179887d6a02dfa9b |
| SHA256 | 37ca4c57c011bb67cbd03638c08f972323102978b0a9fa6a42468412d206030e |
| SHA512 | 14a3e31d488ee856f61e87470c9b11487ceaaf5a864ce3b85c98cc93000888b1ea6404426880bca2f1514c96ff5fa8190ee37cdc9c04917631c170667bb4c93c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a077e82e76e300a0c89ca8f4ec640568 |
| SHA1 | c4f05809d8a12ea21ac9534d2dc4f3b80c8f46dc |
| SHA256 | d06dedf94b7abf3bb032eb1f543997a09f862ac80b35d305fc36aa38a0a4437c |
| SHA512 | 240dbd5c87ffa748fd9a46ade5f43cd9ea3b847757f46feb509cafe9516bd601a5d244efcf025b4c0d3b0ee6fad5d9bfb828faf87b1a7596a54095b766fb8f0b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 596a894db7cb3737f0e52f4ee8bc00fe |
| SHA1 | 3aba1c6527edc33f2ebcbfb6f70c47124f076f27 |
| SHA256 | 70d6b71a62dccc1cb5c69af4a426de1c944615d06a552a708a14886b33c9896c |
| SHA512 | 0c7741b3688c019cb905028be126f4d90227be2f0945a7db3bcdda2744f43fdd96e669ce2260f93d2d79cc1a29c23b31b6e562c18b377af72eefcc69b8be664c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-16 01:07
Reported
2024-11-16 01:11
Platform
win11-20241007-en
Max time kernel
101s
Max time network
106s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand PAYPAL.
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://donorbox.org/onestream8"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://donorbox.org/onestream8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63015bca-869d-4223-9622-3593cedf1458} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3aec6dc-516c-457e-aa35-790f179eaa6a} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2688 -childID 1 -isForBrowser -prefsHandle 1360 -prefMapHandle 2772 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10bd8b20-05ca-4e8d-891e-d75a05946a46} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -childID 2 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {937243af-3e25-46ff-8b82-95ae411be9a7} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4848 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f067fc87-ed83-4b51-a1ac-cac2cc7fe7f4} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 3 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10712c0a-b7da-410f-99fb-9384ef755657} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4735a579-e12c-4343-b494-d6a67d44b177} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5900 -prefMapHandle 5896 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f155fd2-41ec-45e1-8dd3-f96483d91b9d} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 6 -isForBrowser -prefsHandle 5860 -prefMapHandle 5864 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fd305fd-41f0-41b7-8c44-272e19943a64} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6372 -childID 7 -isForBrowser -prefsHandle 6384 -prefMapHandle 6216 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {312ff51a-ea89-40e2-9962-de8ce3022481} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6580 -childID 8 -isForBrowser -prefsHandle 6572 -prefMapHandle 6568 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba19e878-45f7-4614-a54b-a751be646862} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3448 -childID 9 -isForBrowser -prefsHandle 2628 -prefMapHandle 2532 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efac8c62-94d1-49cf-aecd-2f2a94d32886} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6508 -parentBuildID 20240401114208 -prefsHandle 2736 -prefMapHandle 4556 -prefsLen 34035 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21461c48-a48c-4b46-b297-0a2ee3c98e4f} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 4532 -prefMapHandle 6264 -prefsLen 34035 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {360e1207-7539-4695-9684-ef6d6af19911} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7100 -childID 10 -isForBrowser -prefsHandle 7092 -prefMapHandle 7088 -prefsLen 31031 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f468baa-a109-4988-ba85-7a4a1e265e8f} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7232 -childID 11 -isForBrowser -prefsHandle 7240 -prefMapHandle 7244 -prefsLen 31031 -prefMapSize 244658 -jsInitHandle 1016 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2203ede7-c09e-4d3a-91f4-57ab31cd010a} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
Network
Files