hxxp://yakutaconsulting[.]com

Resubmissions

26/04/2023, 11:29 UTC

230426-nlk3taag8s 1

26/04/2023, 11:26 UTC

230426-njywwsgh79 6

Analysis

max time kernel
63s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2023, 11:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://yakutaconsulting.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3336	firefox.exe
Token: SeDebugPrivilege	3336	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3336	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 2128 wrote to memory of 3336	2128	firefox.exe	85
PID 3336 wrote to memory of 1308	3336	firefox.exe	87
PID 3336 wrote to memory of 1308	3336	firefox.exe	87
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 1952	3336	firefox.exe	88
PID 3336 wrote to memory of 940	3336	firefox.exe	89
PID 3336 wrote to memory of 940	3336	firefox.exe	89
PID 3336 wrote to memory of 940	3336	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" http://yakutaconsulting.com
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" http://yakutaconsulting.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.0.1740205003\406539341" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d83e823-e163-4900-832f-f7e6dd8a9d3d} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 1916 21de9aeec58 gpu
    3⤵
    PID:1308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.1.1733783845\1764764551" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce7b37b3-727b-4e5a-90ba-4adb6601b5be} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 2424 21ddcb72858 socket
    3⤵
    PID:1952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.2.116175039\850995091" -childID 1 -isForBrowser -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eec728e-d907-406b-b0ed-b3ec13606463} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3280 21ded7f5758 tab
    3⤵
    PID:940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.3.554940483\191558681" -childID 2 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b82cbfdc-4cec-4cc0-b311-9aebf7d033a5} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3980 21ddcb62558 tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.4.1963525086\1699214876" -childID 3 -isForBrowser -prefsHandle 4540 -prefMapHandle 4556 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a83319cc-be61-425b-bb7b-41248a2f2885} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 4584 21defaa5b58 tab
    3⤵
    PID:1432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.5.506173619\881955162" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5036 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d25da45-074f-41c7-9cde-be0f007e8f2e} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5072 21df1798e58 tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.6.936202033\360073072" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74ca35c1-71c2-494a-8aa9-8b3552cd970a} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5176 21df1398b58 tab
    3⤵
    PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.7.159515623\329421737" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00dffd30-9c6c-4c72-b97e-848b6fc3a289} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5364 21df139b858 tab
    3⤵
    PID:4056

Network

DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgekey.net

assets.msn.com.edgekey.net

IN CNAME

e28578.d.akamaiedge.net

e28578.d.akamaiedge.net

IN A

96.17.193.51

e28578.d.akamaiedge.net

IN A

96.17.193.56

e28578.d.akamaiedge.net

IN A

96.17.193.60

e28578.d.akamaiedge.net

IN A

96.17.193.59

e28578.d.akamaiedge.net

IN A

96.17.193.50

e28578.d.akamaiedge.net

IN A

96.17.193.5

e28578.d.akamaiedge.net

IN A

96.17.193.61

e28578.d.akamaiedge.net

IN A

96.17.193.49

e28578.d.akamaiedge.net

IN A

96.17.193.4
GET

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=2674e138-6799-4a9a-b6f1-35bb9cef0d01&ocid=windows-windowsShell-feeds&user=m-d4eafa4aa86940188882725c6e2ef215&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

Remote address:

96.17.193.51:443

Request

GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=2674e138-6799-4a9a-b6f1-35bb9cef0d01&ocid=windows-windowsShell-feeds&user=m-d4eafa4aa86940188882725c6e2ef215&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
host: assets.msn.com
x-search-account: None
accept-encoding: gzip, deflate
x-device-machineid: {46CAA714-52CC-4AB9-A019-1AE3E3C36027}
x-userageclass: Unknown
x-bm-market: US
x-bm-dateformat: M/d/yyyy
x-device-ossku: 48
x-bm-dtz: 0
x-deviceid: 0100B2E609000CC3
x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:129135BB
sitename: www.msn.com
x-bm-theme: 000000;0078d7
muid: D4EAFA4AA86940188882725C6E2EF215
x-agent-deviceid: 0100B2E609000CC3
x-bm-onlinesearchdisabled: true
x-bm-cbt: 1682508557
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
x-device-isoptin: false
accept-language: en-US, en
x-device-touch: false
x-device-clientsession: 59EEEF0F0547445B81DDB5EBDD6601D3
cookie: MUID=D4EAFA4AA86940188882725C6E2EF215

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: *.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: SportsMatch_all:1;tbn:0;TeaserVisibility_cold:1;SevereWeather_cold:1;partialResponse:1;TeaserTemp_cold:1;lowC:0;coldStart:1;coldStartUpsell:1;lowT:0;winbadge:1;Nowcast_cold:1;WildFire_cold:1
ddd-feednewsitemcount: 0
x-wpo-activityid: F338CADA-0F92-4F38-9EAE-DF33E839BABF|2023-04-26T11:29:20.4414815Z|fabric:/wpo|WEU|WPO_65
ddd-activityid: f338cada-0f92-4f38-9eae-df33e839babf
ddd-strategyexecutionlatency: 00:00:00.2122675
ddd-debugid: f338cada-0f92-4f38-9eae-df33e839babf|2023-04-26T11:29:20.4568062Z|fabric:/winfeed|WEU|WinFeed_250
onewebservicelatency: 213
x-msedge-responseinfo: 213
x-ceto-ref: 64490b1065f543f7b8ede7d963f2fc60|2023-04-26T11:29:20.240Z
expires: Wed, 26 Apr 2023 11:29:20 GMT
date: Wed, 26 Apr 2023 11:29:20 GMT
content-length: 1855
akamai-request-bc: [a=96.17.104.51,b=844129465,c=g,n=FR_IDF_PARIS,o=20940],[a=20.23.114.34,c=o]
server-timing: clientrtt; dur=16, clienttt; dur=227, origin; dur=227 , cdntime; dur=0
akamai-cache-status: Miss from child
akamai-server-ip: 96.17.104.51
akamai-request-id: 325064b9
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
vary: Origin
DNS

51.193.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

51.193.17.96.in-addr.arpa

IN PTR

Response

51.193.17.96.in-addr.arpa

IN PTR

a96-17-193-51deploystaticakamaitechnologiescom
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

yakutaconsulting.com

firefox.exe

Remote address:

8.8.8.8:53

Request

yakutaconsulting.com

IN A

Response

yakutaconsulting.com

IN A

141.193.213.20

yakutaconsulting.com

IN A

141.193.213.21
GET

http://yakutaconsulting.com/

firefox.exe

Remote address:

141.193.213.20:80

Request

GET / HTTP/1.1
Host: yakutaconsulting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 26 Apr 2023 11:29:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://yakutaconsulting.com/
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7bde7ccf2b410e44-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
DNS

yakutaconsulting.com

firefox.exe

Remote address:

8.8.8.8:53

Request

yakutaconsulting.com

IN A

Response

yakutaconsulting.com

IN A

141.193.213.21

yakutaconsulting.com

IN A

141.193.213.20
DNS

yakutaconsulting.com

firefox.exe

Remote address:

8.8.8.8:53

Request

yakutaconsulting.com

IN AAAA

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.237.239:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

getpocket.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

getpocket.cdn.mozilla.net

IN A

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
GET

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

firefox.exe

Remote address:

34.120.5.221:443

Request

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

35.241.9.150
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

35.241.9.150
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN AAAA

Response
GET

https://yakutaconsulting.com/

firefox.exe

Remote address:

141.193.213.20:443

Request

GET / HTTP/2.0
host: yakutaconsulting.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 200

date: Wed, 26 Apr 2023 11:29:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept-Encoding,Cookie
link: <https://yakutaconsulting.com/wp-json/>; rel="https://api.w.org/"
link: <https://yakutaconsulting.com/wp-json/wp/v2/pages/74>; rel="alternate"; type="application/json"
link: <https://yakutaconsulting.com/>; rel=shortlink
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 14
x-cache-group: normal
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7bde7cd248d70bb0-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
DNS

20.213.193.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.213.193.141.in-addr.arpa

IN PTR

Response
DNS

239.237.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.237.117.34.in-addr.arpa

IN PTR

Response

239.237.117.34.in-addr.arpa

IN PTR

23923711734bcgoogleusercontentcom
DNS

221.5.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

221.5.120.34.in-addr.arpa

IN PTR

Response

221.5.120.34.in-addr.arpa

IN PTR

221512034bcgoogleusercontentcom
DNS

150.9.241.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.9.241.35.in-addr.arpa

IN PTR

Response

150.9.241.35.in-addr.arpa

IN PTR

150924135bcgoogleusercontentcom
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

34.211.203.81

shavar.prod.mozaws.net

IN A

54.149.234.21

shavar.prod.mozaws.net

IN A

35.160.145.179

shavar.prod.mozaws.net

IN A

34.215.121.165

shavar.prod.mozaws.net

IN A

54.148.4.3

shavar.prod.mozaws.net

IN A

54.189.57.246
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

34.215.121.165

shavar.prod.mozaws.net

IN A

54.189.57.246

shavar.prod.mozaws.net

IN A

54.148.4.3

shavar.prod.mozaws.net

IN A

54.149.234.21

shavar.prod.mozaws.net

IN A

35.160.145.179

shavar.prod.mozaws.net

IN A

34.211.203.81
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.117.65.55
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.117.65.55
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.117.65.55:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OS6uAcdMp8i2mouIyIbDZg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9ArUPP0vZQ4aLNK+kjjXlmRIjnQ=
Date: Wed, 26 Apr 2023 11:29:22 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

55.65.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.65.117.34.in-addr.arpa

IN PTR

Response

55.65.117.34.in-addr.arpa

IN PTR

556511734bcgoogleusercontentcom
DNS

81.203.211.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.203.211.34.in-addr.arpa

IN PTR

Response

81.203.211.34.in-addr.arpa

IN PTR

ec2-34-211-203-81 us-west-2compute amazonawscom
DNS

191.144.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

191.144.160.34.in-addr.arpa

IN PTR

Response

191.144.160.34.in-addr.arpa

IN PTR

19114416034bcgoogleusercontentcom
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f101e100net

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f106�I
DNS

stats.wpmucdn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.wpmucdn.com

IN A

Response

stats.wpmucdn.com

IN CNAME

wpmu-stats.b-cdn.net

wpmu-stats.b-cdn.net

IN A

103.180.115.13
GET

https://stats.wpmucdn.com/analytics.js

firefox.exe

Remote address:

103.180.115.13:443

Request

GET /analytics.js HTTP/2.0
host: stats.wpmucdn.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://yakutaconsulting.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Wed, 26 Apr 2023 11:29:27 GMT
content-type: application/javascript
vary: Accept-Encoding
server: BunnyCDN-CEN1-1045
cdn-pullzone: 1121147
cdn-uid: 778bbc1f-fc99-4e43-843d-a54ddaa69624
cdn-requestcountrycode: IN
vary: Accept-Encoding
cache-control: public, max-age=86400
etag: W/"620551e5-1131c"
last-modified: Thu, 10 Feb 2022 17:56:53 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 12/30/2022 23:31:01
cdn-edgestorageid: 1045
cdn-status: 200
cdn-requestid: 6321d4761bd3bbfb2f972e37bd5d7f07
cdn-cache: HIT
content-encoding: br
DNS

wpmu-stats.b-cdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

wpmu-stats.b-cdn.net

IN A

Response

wpmu-stats.b-cdn.net

IN A

103.180.115.13
DNS

wpmu-stats.b-cdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

wpmu-stats.b-cdn.net

IN AAAA

Response
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

13.115.180.103.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.115.180.103.in-addr.arpa

IN PTR

Response
DNS

stats1.wpmudev.com

firefox.exe

Remote address:

8.8.8.8:53

Request

stats1.wpmudev.com

IN A

Response

stats1.wpmudev.com

IN CNAME

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

IN A

3.19.40.173

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

IN A

3.18.76.176
DNS

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

firefox.exe

Remote address:

8.8.8.8:53

Request

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

IN A

Response

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

IN A

3.19.40.173

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

IN A

3.18.76.176
DNS

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

firefox.exe

Remote address:

8.8.8.8:53

Request

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

IN AAAA

Response
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:400e:80e::200e
DNS

joshpaschall.com

firefox.exe

Remote address:

8.8.8.8:53

Request

joshpaschall.com

IN A

Response

joshpaschall.com

IN A

141.193.213.21

joshpaschall.com

IN A

141.193.213.20
DNS

joshpaschall.com

firefox.exe

Remote address:

8.8.8.8:53

Request

joshpaschall.com

IN A

Response

joshpaschall.com

IN A

141.193.213.21

joshpaschall.com

IN A

141.193.213.20
GET

https://joshpaschall.com/wp-content/uploads/2022/07/josh-paschall-web-developer-designer.jpg

firefox.exe

Remote address:

141.193.213.21:443

Request

GET /wp-content/uploads/2022/07/josh-paschall-web-developer-designer.jpg HTTP/2.0
host: joshpaschall.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://yakutaconsulting.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 404

date: Wed, 26 Apr 2023 11:29:28 GMT
content-type: text/html
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept-Encoding
cf-cache-status: HIT
age: 155
server: cloudflare
cf-ray: 7bde7cf66f21b915-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
DNS

joshpaschall.com

firefox.exe

Remote address:

8.8.8.8:53

Request

joshpaschall.com

IN AAAA

Response
DNS

173.40.19.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.40.19.3.in-addr.arpa

IN PTR

Response

173.40.19.3.in-addr.arpa

IN PTR

ec2-3-19-40-173 us-east-2compute amazonawscom
DNS

21.213.193.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.213.193.141.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
GET

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

firefox.exe

Remote address:

88.221.134.155:80

Request

GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 11 Apr 2023 02:04:26 GMT
ETag: 85430baed3398695717b0263807cf97c
Content-Length: 453023
Accept-Ranges: bytes
X-Timestamp: 1681178665.34700
Content-Type: application/zip
X-Trans-Id: tx4e2c4b994efc4d14abc43-0064361dbfdfw1
Cache-Control: public, max-age=31785
Expires: Wed, 26 Apr 2023 20:19:27 GMT
Date: Wed, 26 Apr 2023 11:29:42 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

155.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.134.221.88.in-addr.arpa

IN PTR

Response

155.134.221.88.in-addr.arpa

IN PTR

a88-221-134-155deploystaticakamaitechnologiescom
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

216.58.208.110
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

216.58.208.110
DNS

r4---sn-4g5ednld.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r4---sn-4g5ednld.gvt1.com

IN A

Response

r4---sn-4g5ednld.gvt1.com

IN CNAME

r4.sn-4g5ednld.gvt1.com

r4.sn-4g5ednld.gvt1.com

IN A

173.194.182.105
DNS

r4.sn-4g5ednld.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r4.sn-4g5ednld.gvt1.com

IN A

Response

r4.sn-4g5ednld.gvt1.com

IN A

173.194.182.105
DNS

r4.sn-4g5ednld.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r4.sn-4g5ednld.gvt1.com

IN AAAA

Response

r4.sn-4g5ednld.gvt1.com

IN AAAA

2a00:1450:4001:5d::9
DNS

105.182.194.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.182.194.173.in-addr.arpa

IN PTR

Response

105.182.194.173.in-addr.arpa

IN PTR

fra16s26-in-f91e100net
DNS

105.182.194.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.182.194.173.in-addr.arpa

IN PTR

Response

105.182.194.173.in-addr.arpa

IN PTR

fra16s26-in-f91e100net
DNS

110.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.208.58.216.in-addr.arpa

IN PTR

Response

110.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f141e100net

110.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f110�I
DNS

110.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.208.58.216.in-addr.arpa

IN PTR

Response

110.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f141e100net

110.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f110�I
DNS

firefox-settings-attachments.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-settings-attachments.cdn.mozilla.net

IN A

Response

firefox-settings-attachments.cdn.mozilla.net

IN CNAME

fennec-catalog-cdn.prod.mozaws.net

fennec-catalog-cdn.prod.mozaws.net

IN A

34.111.73.144
DNS

fennec-catalog-cdn.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

fennec-catalog-cdn.prod.mozaws.net

IN A

Response

fennec-catalog-cdn.prod.mozaws.net

IN A

34.111.73.144
DNS

fennec-catalog-cdn.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

fennec-catalog-cdn.prod.mozaws.net

IN AAAA

Response
DNS

144.73.111.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.73.111.34.in-addr.arpa

IN PTR

Response

144.73.111.34.in-addr.arpa

IN PTR

1447311134bcgoogleusercontentcom
DNS

45.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.8.109.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response

127.0.0.1:49735

firefox.exe
96.17.193.51:443

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=2674e138-6799-4a9a-b6f1-35bb9cef0d01&ocid=windows-windowsShell-feeds&user=m-d4eafa4aa86940188882725c6e2ef215&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

tls, http2

2.6kB
11.1kB
21
20

HTTP Request

GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=2674e138-6799-4a9a-b6f1-35bb9cef0d01&ocid=windows-windowsShell-feeds&user=m-d4eafa4aa86940188882725c6e2ef215&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

HTTP Response

200
127.0.0.1:49742

firefox.exe
141.193.213.20:80

http://yakutaconsulting.com/

http

firefox.exe

820 B
969 B
10
10

HTTP Request

GET http://yakutaconsulting.com/

HTTP Response

301
34.117.237.239:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.7kB
7.4kB
14
15

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.120.5.221:443

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

tls, http2

firefox.exe

2.3kB
46.5kB
26
39

HTTP Request

GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30
35.241.9.150:443

firefox.settings.services.mozilla.com

tls

firefox.exe

14.9kB
1.2MB
192
984
141.193.213.20:443

https://yakutaconsulting.com/

tls, http2

firefox.exe

2.1kB
22.7kB
22
27

HTTP Request

GET https://yakutaconsulting.com/

HTTP Response

200
34.211.203.81:443

shavar.services.mozilla.com

tls

firefox.exe

2.2kB
4.1kB
10
9
34.117.65.55:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.9kB
6.1kB
11
12

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

2.4kB
29.7kB
24
44
35.241.9.150:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.3kB
5.6kB
11
10
103.180.115.13:443

https://stats.wpmucdn.com/analytics.js

tls, http2

firefox.exe

1.8kB
32.7kB
17
31

HTTP Request

GET https://stats.wpmucdn.com/analytics.js

HTTP Response

200
3.19.40.173:443

stats1.wpmudev.com

tls

firefox.exe

1.9kB
6.6kB
12
17
141.193.213.21:443

https://joshpaschall.com/wp-content/uploads/2022/07/josh-paschall-web-developer-designer.jpg

tls, http2

firefox.exe

1.8kB
7.4kB
15
14

HTTP Request

GET https://joshpaschall.com/wp-content/uploads/2022/07/josh-paschall-web-developer-designer.jpg

HTTP Response

404
35.244.181.201:443

aus5.mozilla.org

tls

firefox.exe

1.4kB
5.5kB
11
13
88.221.134.155:80

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

http

firefox.exe

2.2kB
467.0kB
41
339

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

HTTP Response

200
216.58.208.110:443

redirector.gvt1.com

tls

firefox.exe

1.6kB
9.1kB
16
21
173.194.182.105:443

r4---sn-4g5ednld.gvt1.com

tls

firefox.exe

33.6kB
8.7MB
707
6230
52.152.108.96:443

260 B
5
20.189.173.12:443

322 B
7
34.111.73.144:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

378.7kB
3.6MB
3550
6404
34.111.73.144:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.1kB
5.4kB
12
11
34.111.73.144:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

985 B
5.4kB
10
11
34.111.73.144:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.1kB
6.0kB
13
12
34.111.73.144:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
5.5kB
11
12
34.111.73.144:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
5.4kB
11
10
8.238.20.126:80

138 B
3

8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

assets.msn.com

dns

60 B
278 B
1
1

DNS Request

assets.msn.com

DNS Response

96.17.193.51

96.17.193.56

96.17.193.60

96.17.193.59

96.17.193.50

96.17.193.5

96.17.193.61

96.17.193.49

96.17.193.4
8.8.8.8:53

51.193.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

51.193.17.96.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

yakutaconsulting.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

yakutaconsulting.com

DNS Response

141.193.213.20

141.193.213.21
8.8.8.8:53

yakutaconsulting.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

yakutaconsulting.com

DNS Response

141.193.213.21

141.193.213.20
8.8.8.8:53

yakutaconsulting.com

dns

firefox.exe

66 B
126 B
1
1

DNS Request

yakutaconsulting.com
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

getpocket.cdn.mozilla.net

dns

firefox.exe

71 B
174 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

34.120.5.221
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.120.5.221
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
110 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:524c::
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

35.241.9.150
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

35.241.9.150
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
167 B
1
1

DNS Request

firefox.settings.services.mozilla.com
8.8.8.8:53

20.213.193.141.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

20.213.193.141.in-addr.arpa
8.8.8.8:53

239.237.117.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

239.237.117.34.in-addr.arpa
8.8.8.8:53

221.5.120.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

221.5.120.34.in-addr.arpa
8.8.8.8:53

150.9.241.35.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

150.9.241.35.in-addr.arpa
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
205 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

34.211.203.81

54.149.234.21

35.160.145.179

34.215.121.165

54.148.4.3

54.189.57.246
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
164 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

34.215.121.165

54.189.57.246

54.148.4.3

54.149.234.21

35.160.145.179

34.211.203.81
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.117.65.55
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.117.65.55
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
141.193.213.20:443

yakutaconsulting.com

https

firefox.exe

28.2kB
1.1MB
139
972
8.8.8.8:53

55.65.117.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

55.65.117.34.in-addr.arpa
8.8.8.8:53

81.203.211.34.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

81.203.211.34.in-addr.arpa
8.8.8.8:53

191.144.160.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

191.144.160.34.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

stats.wpmucdn.com

dns

firefox.exe

63 B
113 B
1
1

DNS Request

stats.wpmucdn.com

DNS Response

103.180.115.13
8.8.8.8:53

wpmu-stats.b-cdn.net

dns

firefox.exe

66 B
82 B
1
1

DNS Request

wpmu-stats.b-cdn.net

DNS Response

103.180.115.13
8.8.8.8:53

wpmu-stats.b-cdn.net

dns

firefox.exe

66 B
66 B
1
1

DNS Request

wpmu-stats.b-cdn.net
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

13.115.180.103.in-addr.arpa

dns

73 B
161 B
1
1

DNS Request

13.115.180.103.in-addr.arpa
8.8.8.8:53

stats1.wpmudev.com

dns

firefox.exe

64 B
160 B
1
1

DNS Request

stats1.wpmudev.com

DNS Response

3.19.40.173

3.18.76.176
8.8.8.8:53

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

dns

firefox.exe

99 B
131 B
1
1

DNS Request

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

DNS Response

3.19.40.173

3.18.76.176
8.8.8.8:53

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

dns

firefox.exe

164 B
274 B
2
2

DNS Request

matomo-wpmudev-1288779782.us-east-2.elb.amazonaws.com

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:400e:80e::200e
8.8.8.8:53

joshpaschall.com

dns

firefox.exe

62 B
94 B
1
1

DNS Request

joshpaschall.com

DNS Response

141.193.213.21

141.193.213.20
8.8.8.8:53

joshpaschall.com

dns

firefox.exe

62 B
94 B
1
1

DNS Request

joshpaschall.com

DNS Response

141.193.213.21

141.193.213.20
8.8.8.8:53

joshpaschall.com

dns

firefox.exe

62 B
122 B
1
1

DNS Request

joshpaschall.com
141.193.213.21:443

joshpaschall.com

https

firefox.exe

3.2kB
8.6kB
7
13
8.8.8.8:53

173.40.19.3.in-addr.arpa

dns

70 B
131 B
1
1

DNS Request

173.40.19.3.in-addr.arpa
8.8.8.8:53

21.213.193.141.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

21.213.193.141.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

aus5.mozilla.org

dns

firefox.exe

62 B
180 B
1
1

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

ciscobinary.openh264.org

dns

firefox.exe

70 B
286 B
1
1

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.155

88.221.134.209
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.155

88.221.134.209
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
123 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:869b

2a02:26f0:a1::58dd:86d1
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

201.181.244.35.in-addr.arpa
8.8.8.8:53

155.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

155.134.221.88.in-addr.arpa
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

216.58.208.110
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

216.58.208.110
216.58.208.110:443

redirector.gvt1.com

https

firefox.exe

2.1kB
10.9kB
10
12
8.8.8.8:53

r4---sn-4g5ednld.gvt1.com

dns

firefox.exe

71 B
116 B
1
1

DNS Request

r4---sn-4g5ednld.gvt1.com

DNS Response

173.194.182.105
8.8.8.8:53

r4.sn-4g5ednld.gvt1.com

dns

firefox.exe

69 B
85 B
1
1

DNS Request

r4.sn-4g5ednld.gvt1.com

DNS Response

173.194.182.105
8.8.8.8:53

r4.sn-4g5ednld.gvt1.com

dns

firefox.exe

69 B
97 B
1
1

DNS Request

r4.sn-4g5ednld.gvt1.com

DNS Response

2a00:1450:4001:5d::9
173.194.182.105:443

r4.sn-4g5ednld.gvt1.com

https

firefox.exe

1.8kB
6.5kB
5
8
8.8.8.8:53

105.182.194.173.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

105.182.194.173.in-addr.arpa

DNS Request

105.182.194.173.in-addr.arpa
8.8.8.8:53

110.208.58.216.in-addr.arpa

dns

146 B
286 B
2
2

DNS Request

110.208.58.216.in-addr.arpa

DNS Request

110.208.58.216.in-addr.arpa
8.8.8.8:53

firefox-settings-attachments.cdn.mozilla.net

dns

firefox.exe

90 B
151 B
1
1

DNS Request

firefox-settings-attachments.cdn.mozilla.net

DNS Response

34.111.73.144
8.8.8.8:53

fennec-catalog-cdn.prod.mozaws.net

dns

firefox.exe

80 B
96 B
1
1

DNS Request

fennec-catalog-cdn.prod.mozaws.net

DNS Response

34.111.73.144
8.8.8.8:53

fennec-catalog-cdn.prod.mozaws.net

dns

firefox.exe

80 B
165 B
1
1

DNS Request

fennec-catalog-cdn.prod.mozaws.net
8.8.8.8:53

144.73.111.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

144.73.111.34.in-addr.arpa
8.8.8.8:53

45.8.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

45.8.109.52.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
140KB

MD5
96412b8feed5de9ce8a582476dfce608

SHA1
ab0807e9a36eaba24a7145c93a924311e0b85e22

SHA256
40463dd3deab6a20e65ba5d35c82ab9eff1ef9b54a7ba0e614faa3f1fc4da705

SHA512
fc11cb1d968d3ca1de963f2f9362812a8a84bd135f54d95901562e51b1a3000d3ed35237066a1b79f15137e6ac736408540d1c649c86354272012a59966a273c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

Filesize
14KB

MD5
6dd37d045dd8f384125b23d32a895420

SHA1
817c337f3f9935916bbf4eba11f66c47f82ac952

SHA256
f6fbdbd062b26662e94876d4ac83950931ac99ea67e80410d6c9a247565191df

SHA512
ab6533e32bbdae482a608b7cfe24320fd96a2b997834c391d7f3cfeecf59aff482e6fcb898d8166c0bc2f33547ce7661caf83a3d84b5b908a4b29878f25f1810

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
d0701f4db874e0497c6873c8b61cb9fa

SHA1
2fbe0b3e77c08c46d2cb8a82b7678b48202cfa6f

SHA256
d74dd16fadd894dc15732fa590a2460ff1209f5a9fb4ee6d8e8bc694fe07ed52

SHA512
3d2dc3a25d96248d3ae97cb1a4fcd38bae49c43d18c82da7139b0528487c5673e8ec4a0f75ec15dbae859039a438792da8bf99a1a03ffda5b640268cebdf61b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
8KB

MD5
e87d189a73f1ea04b8dae699bd73cc8d

SHA1
4183b24a1751a3334b156512e6a0cb709b405d2e

SHA256
0a6f9ff4cde28aae2493c6f8b480839c6945fbc9fc283440ad50ea890f816201

SHA512
e969c9450ac57d6579ceb748e775ec5040ab6e7b539e3004baa224d5ce1ceb7f8037d98d5f0fff7853e4cda507433e78e7fba805bb98fb59534c5d778c4567cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
10KB

MD5
829c5922c4a84c17bd1cf8044bdf0954

SHA1
147edee42d72987f8c1b00a73554cf05f6bb3514

SHA256
c6909495da189fa91b8cf30de90da7d9d40be6feda05e934441420285adad93e

SHA512
f57368b8403df03ca143bc070926fdf64517bf5cc4ffaf60eab614b0b4a54848cc5c2ab6035b67567d7918e385353209210f631f766aedf7dabc013929f55f5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
3bee9a9c0135595424a3b743a4da5a64

SHA1
6a178a5d91c6bfca3eafb745770194a84e95e38e

SHA256
c757d10a1e220a5d113efe36761c58ee7a8e3c7815e93ab69cc4ca6712f333b0

SHA512
0dcd5368a79f75a16d7c940f68bdf14c97e46b5ab28887e679151b64fdeed48258cd2e3a304d16912add6e41a2677cfc159a458c8fb94ad7951024a66e6c5f2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

Filesize
6KB

MD5
f73e52d124620d05267ba934f3b312d3

SHA1
34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

SHA256
fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

SHA512
4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ded0024bd41bc27506baa63ca38b04ba

SHA1
3167e4a1debf710d89389e4ff05659c83e39509d

SHA256
383c6f22de2d6d20ff757d2b4d565e79a8cf00501fbf3d73b73cb6efbfd951fe

SHA512
75fff2456f282194ebc65e04f5b06f9bc37b6478f347769468b73144cfa8561896b23ea4edaa630f31320e3e07f41fb51a09afdcf6ec55897d08d7b92530e853

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
45cbd8d2b2d8a708d0c7cb2f73dd00b6

SHA1
7f3712048c43b03b3b44749942a1bb54e0cf375a

SHA256
41b8e48f52ceeab9c6359f94a6e71cc9f7b912d34f3768e68c9d42592aa7ddd8

SHA512
69222616777476de48c83c8b7c1718b58252baa48fb593bc5de6fa27e31730250485a82fda94665f1aad0773fb0a0fe0bf95870f0f7f8ed45315066c05597c6c

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request