Analysis Overview
Threat Level: Likely benign
The file https://www.paypal.com/myaccount/transfer/payRequest/U-09584045BD498740V/U-5WG42322692827538?classicUrl=%2FCA%2Fcgi-bin%2F%3Fcmd%3D_prq&id=wL4EKNTPRrsQJS2hjiQ8JLzjEHhfpMd6usIiaA&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&ppid=RT000186&cnac=CA&rsta=en_US%28en-CA%29&unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&calc=f55911288815e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C154413%2C104038&link_ref=u-09584045bd498740v_u-5wg42322692827538 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand PAYPAL.
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies registry class
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-05 18:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-05 18:03
Reported
2024-12-05 18:05
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
163s
Command Line
Signatures
Detected potential entity reuse from brand PAYPAL.
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.paypal.com/myaccount/transfer/payRequest/U-09584045BD498740V/U-5WG42322692827538?classicUrl=%2FCA%2Fcgi-bin%2F%3Fcmd%3D_prq&id=wL4EKNTPRrsQJS2hjiQ8JLzjEHhfpMd6usIiaA&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&ppid=RT000186&cnac=CA&rsta=en_US%28en-CA%29&unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&calc=f55911288815e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C154413%2C104038&link_ref=u-09584045bd498740v_u-5wg42322692827538"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.paypal.com/myaccount/transfer/payRequest/U-09584045BD498740V/U-5WG42322692827538?classicUrl=%2FCA%2Fcgi-bin%2F%3Fcmd%3D_prq&id=wL4EKNTPRrsQJS2hjiQ8JLzjEHhfpMd6usIiaA&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&ppid=RT000186&cnac=CA&rsta=en_US%28en-CA%29&unptid=e1575e15-b31c-11ef-8b1e-3d4444d65b5d&calc=f55911288815e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C154413%2C104038&link_ref=u-09584045bd498740v_u-5wg42322692827538
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1964 -prefMapHandle 1956 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92f64a4-d06b-476a-94c3-bf96e9e74ee4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce55f7b2-14a1-4ea3-9ed6-ff686388ee5b} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3272 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03121710-132d-44ea-9658-5c71f0aee2f4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1128 -childID 2 -isForBrowser -prefsHandle 3920 -prefMapHandle 3932 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b0fb595-0d1a-4973-829d-84af6bf7c4f2} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4744 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddb8fd16-d274-407a-8fc1-0470ee2817f0} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5316 -prefMapHandle 5312 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {175659c6-4b28-4585-92b2-12881c635582} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca165263-80e2-408a-a8b7-a85ede12acb9} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc352a9-0259-4fee-aa83-6bfba6f01cb9} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -parentBuildID 20240401114208 -prefsHandle 6148 -prefMapHandle 6180 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ce90f9-5a68-4137-9df4-672be08f2c00} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6372 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6364 -prefMapHandle 6360 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3427ee6-42ca-48cd-af70-17c4eec8cd93} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 6 -isForBrowser -prefsHandle 6788 -prefMapHandle 5324 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bab7caa8-f2b1-4eb0-90c0-ee5321c59da4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7036 -childID 7 -isForBrowser -prefsHandle 7032 -prefMapHandle 7008 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5d30b0b-4347-4ca2-a4f1-3e9c07a1727a} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:50441 | | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.193.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 151.101.193.21:443 | paypal-dynamic.map.fastly.net | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 21.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.106.226.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | ddbm2.paypal.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | cs1150.wpc.betacdn.net | udp |
| US | 192.229.210.155:443 | paypalobjects.com | tcp |
| US | 8.8.8.8:53 | paypalobjects.com | udp |
| FR | 3.162.38.12:443 | ddbm2.paypal.com | tcp |
| US | 8.8.8.8:53 | ddbm2.paypal.com.first-party-js.datadome.co | udp |
| US | 8.8.8.8:53 | cs1150.wpc.betacdn.net | udp |
| US | 8.8.8.8:53 | paypalobjects.com | udp |
| US | 8.8.8.8:53 | ddbm2.paypal.com.first-party-js.datadome.co | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.210.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | use1-turn.fpjs.io | udp |
| DE | 35.157.212.223:3478 | use1-turn.fpjs.io | tcp |
| US | 8.8.8.8:53 | 223.212.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.195.1:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | paypal-dynamic-cdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | paypal-dynamic-cdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | browser-intake-us5-datadoghq.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | tcp |
| US | 8.8.8.8:53 | browser-intake-us5-datadoghq.com | udp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | tcp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | browser-intake-us5-datadoghq.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | udp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.195.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.66.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 192.55.233.1:443 | | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 192.55.233.1:443 | | tcp |
| US | 151.101.65.21:443 | c.paypal.com | tcp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | udp |
| US | 192.55.233.1:443 | | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| FR | 3.162.38.12:443 | ddbm2.paypal.com.first-party-js.datadome.co | tcp |
| US | 151.101.65.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | dualstack.paypal-dynamic-2.map.fastly.net | udp |
| US | 8.8.8.8:53 | ddbm2.paypal.com | udp |
| GB | 34.147.177.40:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | stats.glb.paypal.com | udp |
| US | 8.8.8.8:53 | stats.glb.paypal.com | udp |
| US | 8.8.8.8:53 | lhr.stats.paypal.com | udp |
| GB | 34.147.177.40:443 | lhr.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | lhr.stats.paypal.com | udp |
| US | 8.8.8.8:53 | lhr.stats.paypal.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.177.147.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| N/A | 127.0.0.1:50452 | | tcp |
| US | 8.8.8.8:53 | paypal-dynamic.map.fastly.net | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-5hne6n6e.gvt1.com | udp |
| NL | 172.217.132.233:443 | r4---sn-5hne6n6e.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-5hne6n6e.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-5hne6n6e.gvt1.com | udp |
| NL | 172.217.132.233:443 | r4.sn-5hne6n6e.gvt1.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.132.217.172.in-addr.arpa | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | udp |
| US | 8.8.8.8:53 | ddbm2.paypal.com | udp |
| IE | 3.162.140.68:443 | ddbm2.paypal.com | tcp |
| US | 8.8.8.8:53 | ddbm2.paypal.com.first-party-js.datadome.co | udp |
| IE | 3.162.140.68:443 | ddbm2.paypal.com | tcp |
| US | 8.8.8.8:53 | 68.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\04f8f52b-76db-4a12-aeb5-f4e0e4d8aea9
| MD5 | fc58e9fd4fa3bafff4761817c95c1bd8 |
| SHA1 | b9c5ed5c55f044ea27441258883a94c7a21c8f4e |
| SHA256 | 7244237556434bef85f61b88b0e31ca65559a4a5ab7d559b70c4874b8fc13bbd |
| SHA512 | 68e54b145199be399ac291f8edef8feea077dbf9541932cab1cc970ce1c77858d9414cd28fd8f44ce7f22b2a9e8b1af3c435d6dc542cd473febde0bc311c8ab9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\1369279f-3c9e-4bad-a3d6-33a38f95d771
| MD5 | 072b57795e2051beff5308850cbc8123 |
| SHA1 | 8b8fe2a646174552ce72b1c61191b1c5b465e409 |
| SHA256 | 30fcb56c6bd122e08d59d12fb61309a6b964c63966d56c2d3eb5ead296f1ecb4 |
| SHA512 | cd7d6c742a30f62eab9e2427b38218eaf5d3761013bff8c80d0403e9afda73f25de68df06256d19c460d2847a5bc65fcba076b73d7e323ac73fcf7db732d609a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\d1e33473-0c9e-458a-9941-24afc207bd55
| MD5 | d2023c52f74008d687826824bdca88d8 |
| SHA1 | 58d7ccb304526db2e30761b64c1f25d2a44dead1 |
| SHA256 | b696588e51c810a0aab0f87c73af9e083b3ac4793f5d749c64a726a64768a5f6 |
| SHA512 | 8344650412f149f3537fdd548bcf50aba45cc24f8388a51d592f40a428110c6d426948c35f0abf9f9f45eda002fc3c47f66f908f19b263e4dd8371181ec7d41e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 8bac2e2d1b0e9459eb76f72b4bff3115 |
| SHA1 | beecfb911996266d9beb88aee10447267d0f394e |
| SHA256 | 6a0dc5e9f99d704ee32df6e28834daa501b796a81db0da3ceb6dc72a1bbf2e0b |
| SHA512 | a8e12be310068cc75f8b19dceb699aac930fb20dc4f6ef3226adc01adaf6874ca27e4ff986c393b29593c8cd3815591e5f7271e255edba3539caec1cfbb6f2fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 8d7feddf21813d105670bc85c86cbb6b |
| SHA1 | 4083d01fc47782d7848a3956cb6507fbc0dba194 |
| SHA256 | 80bab8a0004acc9c6a35c3f0343f7517fee34c99a33a7500bcdfcacc20a8442f |
| SHA512 | caed21145b80ab2b62f7e2ee21438f9d33cda8c3eb9b0d3561fc80b1c20410d807b357fd2af36ab1569208aea5946e77eb5bd8a2ed26c068c319a9e2113e251c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin
| MD5 | 866e56abfe5a1795ebf3a1c9f025c109 |
| SHA1 | deea38de8a7957498a9906670112dc4839216f81 |
| SHA256 | 4247f6fc2a136f1c8958c604e27e072e1d878e4565bc571b6e5f9147f6a9f48a |
| SHA512 | d0d7c4ea1825df7fcc064ac2bd465eb6c13d81e736477558e7bc44908ac53e957a170724b0cf6787f678b77c77be1627bd25fb0c54f5d504906599405dd45c4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js
| MD5 | 1acdc6c439a23ed50caa03765e4d184a |
| SHA1 | 8e84292f752d500a397f4ec64e997b55cf865b2a |
| SHA256 | da9e7c990a61d711f1cf6178b24f253c067923c535a9d5724dc17919732d2aac |
| SHA512 | 915c2bc919af35ca99c066d8708a622412a6596109fca381b878caa54f1122beccaa98f19d391a98f16818e210d841417cbefedc960462df68f4eaeffc1e04fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin
| MD5 | 58a3d6d4c1a26cc2beb7e8ee9df8f931 |
| SHA1 | d3854076c343d482002e6c0719e77197f63ffd3b |
| SHA256 | f2fffebede5c795faaddfdea4324465869a43b408bf8d9405c94b2a63f79c296 |
| SHA512 | bc82ef4d389c188291b08af77f70768b2606178e1c0b35935f476f29eecfb9eec2bb229fbbdc89843bc2cd1ca7e538cef6dbf2d3a7774f3cf4356bc64ea75bf0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | 96c542dec016d9ec1ecc4dddfcbaac66 |
| SHA1 | 6199f7648bb744efa58acf7b96fee85d938389e4 |
| SHA256 | 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798 |
| SHA512 | cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 04b01b3ef94c8fd7990c2cff3f0cdb31 |
| SHA1 | e1c6f3442e7226f7d247834d3268d54e40a1808c |
| SHA256 | 38057be04aad85cd5a657ef79063fe68d0581a8bebc80bbb27d9879b585641fb |
| SHA512 | 9afc9bbdc61e571321885f42139813ee6667add967b99e047faa85415a3964be4f64824bef2240fc42584c8a07783c157781d36fa2706c07e03834790b15ef5a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js
| MD5 | 6eeb3c82a69f5e294527f3b471dfabe6 |
| SHA1 | 4b1583e38b11f23d44371a7902a99bdaec9bc8ec |
| SHA256 | 56b8fa8f42af4f8ff169bc642429105044a3e0f0746048855ca4fec80e20fbbb |
| SHA512 | a3d15fd4d1b2f5a51061414541c19239f7fc6d529f52ea5c80850129dad8af6ee6925e4e3712cd9208b995db4adc1e899ba8768b30d1154084be2f52839ae772 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984
| MD5 | 783ad73f48b7993662b192eea22b8378 |
| SHA1 | 7b3aa2b68903eb6b11a1bc492fa5f003f618d5a9 |
| SHA256 | d3c682c2f0422f04d8edd330828e517f11d6220b2d73b9a183c57ad769e2347a |
| SHA512 | 796bc9024ecd09ac6f995f8a9295a7eaf2134514c43722be170d7aa8d25a00ae8846afc35febdbf9212b285e6bb173d61a325a4182fdc4b91574656f918e3ca5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js
| MD5 | 4ed3bf5038570744c7885fe53c01bf48 |
| SHA1 | 348c4f39e7c4679f69d704cbe58cc02a06331fe7 |
| SHA256 | b183b75b043f58b5eb074afdb097d807533f71db5856f7b3b596b1100dddb241 |
| SHA512 | 8b53f0282b38d7315070b9eba621c00e139da89f62906ff87d30216b0854ab06e32522bec6148e1112ceb523b929918e4e01abd7c357ab5455ea6605be94b598 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js
| MD5 | 7e89806f4ee4ba30d98af1372aa3e7ef |
| SHA1 | d58d043ef40f45e0aeecc0a7ab47aa40f69e511c |
| SHA256 | 22ca3845d8d1dafa909020659d4bced4588988bbe468d0c1ab2fba0c05507e50 |
| SHA512 | cbfd867c91af56d4eaa52fb5f5d9cf7394e46d83052936deb736afa3447494aa6a236a4bcb6ef0866f8142ffe9869f127bfcad98f7eeba97ed1e6339af8036cd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 44470f84a184887662f51d44d01af012 |
| SHA1 | e71424198e8b45302cd1d4e6824f1bfccb8a8934 |
| SHA256 | e6572daad03581f8db5e4661756f37ceec9805b36f568e944838b657a60dad45 |
| SHA512 | df9d33d524c2a81f4e55ab43c1dbca02f4d94814dae5acf326f70c262783b416c608ab8fa09ffdbd1c48dc9ee6a835139b7d605fa3814fe5db912ee7bb7ff925 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 4bc613d13b8103a345a30f380e475081 |
| SHA1 | a8150a59ded06b2ed3540bc5818bb55f5a010550 |
| SHA256 | c1d466391823bfb915607f568ab208eb5f6dbf6d48e7658b20449e1bce1a87af |
| SHA512 | cb4700fbf1e52243fa48e7a736f136753b450ce6a2d23f54edf5da10d6512b7a4f5ebb94ef02d9ab165663d3fdf6470337bbdccf5b359599d24aec6cfc30eea9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 243f562f815f95998cbc9c36059627f1 |
| SHA1 | 30bd17b4a91ffce88d0a714172025a69bb96c212 |
| SHA256 | 94ee4ad8d1b16b54a5f65c3cdb13d41e0dfb3bcb4fde4df719398acac2cc0312 |
| SHA512 | 9f372b679cde214513f86778317bd6bd4688afb13d2a70b3b89a2e71dc553e65c7382b3c6c3fd2facde295a561e70087a29654c2131dfcbc3d17e7696fbe8b32 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 513c93d5f7d02faced255da44d474696 |
| SHA1 | 105de195b974eeb3ffb0f2815fe409055760308b |
| SHA256 | f386096aa2c7d22d95ebc13958cb6be718faf3aff937093cc92a6362bf2fbcec |
| SHA512 | 7252dad041383f4f19cf706c738d0656b37638d4185a21844c4783be06f00515a2f96fb7bea4b619c697c909f52495a496fbc07f9d949e69e256a95991c8fb69 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 82a64bee0290f91bf9216620b2eff55b |
| SHA1 | 2abc3f7bfa630cd63f5e7bba781cd2c92eb58735 |
| SHA256 | 4c0f4e8d3f88be25716920ba381a5558861ee8661ace4232e98f34622a5b1981 |
| SHA512 | e6fd9441e4a5f6a755bb7c9d7238433070796367cc3fc93297af8e35231ebb2df591c5c2f95c6b0d15cfe67c63254ff25682ef490f01d421d1c19b259b73b925 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 68899a31ab50eb0a797468fd1ee91db8 |
| SHA1 | f0b07561ebbe9277f2402bc7b6bdb4d3bde46818 |
| SHA256 | 5ac3d450bbc89506e178bf9e00c3074bddd542955b36532d7f758798de12a1cc |
| SHA512 | 20f43e3a1b4f70de84813fce7e0d53452f254d599ac94c10ef8a151e9d5f4235243c8f79ca901cd65daf3ded630c46ccbdf3e3dad7140c6167b5ef8c7e07bf5a |