hxxps://lnks[.]gd/l/eyJhbGciOiJIUzI1NiJ9[.]eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vcHVibGljLmdvdmRlbGl2ZXJ5LmNvbS9hY2NvdW50cy9VU0RPVE5IVFNBL3N1YnNjcmliZXIvbmV3IiwiYnVsbGV0aW5faWQiOiIyMDI0MDEyNS44OTEzOTIxMSJ9[.]-g3v7A58IVR95FjuvbslzRW3JwsA4s3qVtWbB3rWku0/s/797982325/br/235999603562-l

Analysis

max time kernel
275s
max time network
271s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
25/01/2024, 20:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vcHVibGljLmdvdmRlbGl2ZXJ5LmNvbS9hY2NvdW50cy9VU0RPVE5IVFNBL3N1YnNjcmliZXIvbmV3IiwiYnVsbGV0aW5faWQiOiIyMDI0MDEyNS44OTEzOTIxMSJ9.-g3v7A58IVR95FjuvbslzRW3JwsA4s3qVtWbB3rWku0/s/797982325/br/235999603562-l

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	5032	firefox.exe
Token: SeDebugPrivilege	5032	firefox.exe
Token: SeDebugPrivilege	5032	firefox.exe
Token: SeDebugPrivilege	5032	firefox.exe
Token: SeDebugPrivilege	5032	firefox.exe
Token: SeDebugPrivilege	5032	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5032	firefox.exe
5032	firefox.exe
5032	firefox.exe
5032	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5032	firefox.exe
5032	firefox.exe
5032	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5032	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 3776 wrote to memory of 5032	3776	firefox.exe	18
PID 5032 wrote to memory of 3904	5032	firefox.exe	80
PID 5032 wrote to memory of 3904	5032	firefox.exe	80
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 1312	5032	firefox.exe	81
PID 5032 wrote to memory of 2212	5032	firefox.exe	82
PID 5032 wrote to memory of 2212	5032	firefox.exe	82
PID 5032 wrote to memory of 2212	5032	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vcHVibGljLmdvdmRlbGl2ZXJ5LmNvbS9hY2NvdW50cy9VU0RPVE5IVFNBL3N1YnNjcmliZXIvbmV3IiwiYnVsbGV0aW5faWQiOiIyMDI0MDEyNS44OTEzOTIxMSJ9.-g3v7A58IVR95FjuvbslzRW3JwsA4s3qVtWbB3rWku0/s/797982325/br/235999603562-l"
1⤵
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vcHVibGljLmdvdmRlbGl2ZXJ5LmNvbS9hY2NvdW50cy9VU0RPVE5IVFNBL3N1YnNjcmliZXIvbmV3IiwiYnVsbGV0aW5faWQiOiIyMDI0MDEyNS44OTEzOTIxMSJ9.-g3v7A58IVR95FjuvbslzRW3JwsA4s3qVtWbB3rWku0/s/797982325/br/235999603562-l
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.0.844257742\461896419" -parentBuildID 20221007134813 -prefsHandle 1788 -prefMapHandle 1776 -prefsLen 20669 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51fb9d40-8f56-429a-9d13-e14df9ec12fe} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 1880 2172e9f4b58 gpu
    3⤵
    PID:3904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.1.187221075\1569819523" -parentBuildID 20221007134813 -prefsHandle 2268 -prefMapHandle 2256 -prefsLen 21485 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e117ee76-4654-4fca-b353-32545239700d} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 2280 2172e130858 socket
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.2.1734202315\1493356837" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 2864 -prefsLen 21588 -prefMapSize 233414 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53514347-7287-4ad6-bbee-4f7ddc01ce2f} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 3132 217327c7258 tab
    3⤵
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.3.816484321\1506474539" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 25986 -prefMapSize 233414 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fdfb588-c6da-490a-87a4-41c052438764} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 3520 21722669058 tab
    3⤵
    PID:1700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.6.2086845977\1696682077" -childID 5 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26220 -prefMapSize 233414 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfd9f8bf-48ae-4206-9bd7-86920bead786} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 5288 217355f0e58 tab
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.5.1348808751\1714194608" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26220 -prefMapSize 233414 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a29db0f7-d964-4f80-99fe-8b800804170a} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 5092 217355f0858 tab
    3⤵
    PID:3108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.4.1416242822\1156925458" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26220 -prefMapSize 233414 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c387d4b-1135-4500-8bdb-b61560d1ad06} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 4976 2173282c058 tab
    3⤵
    PID:4300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5032.7.1184579968\1158871784" -childID 6 -isForBrowser -prefsHandle 3080 -prefMapHandle 2844 -prefsLen 26220 -prefMapSize 233414 -jsInitHandle 1028 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ad7719b-55ee-4681-ab43-01300a08373d} 5032 "\\.\pipe\gecko-crash-server-pipe.5032" 2856 21732845758 tab
    3⤵
    PID:2812

Network

DNS

lnks.gd

firefox.exe

Remote address:

8.8.8.8:53

Request

lnks.gd

IN A

Response

lnks.gd

IN A

209.134.144.229
DNS

lnks.gd

firefox.exe

Remote address:

8.8.8.8:53

Request

lnks.gd

IN A

Response

lnks.gd

IN A

209.134.144.229
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

229.144.134.209.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

229.144.134.209.in-addr.arpa

IN PTR

Response

229.144.134.209.in-addr.arpa

IN PTR

hyrulegovdeliverycom
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN A

Response

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

e6276.dscf.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e6276.dscf.akamaiedge.net

IN A

Response

e6276.dscf.akamaiedge.net

IN A

104.84.65.154
DNS

e10218.dsca.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e10218.dsca.akamaiedge.net

IN AAAA

Response

e10218.dsca.akamaiedge.net

IN AAAA

2a02:26f0:e8:187::27ea

e10218.dsca.akamaiedge.net

IN AAAA

2a02:26f0:e8:1a4::27ea
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.243
DNS

201.181.244.35.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

r1.sn-4g5ednde.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-4g5ednde.gvt1.com

IN AAAA

Response

r1.sn-4g5ednde.gvt1.com

IN AAAA

2a00:1450:4001:17::6
DNS

self.events.data.microsoft.com

firefox.exe

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdwus00.westus.cloudapp.azure.com

onedscolprdwus00.westus.cloudapp.azure.com

IN A

20.189.173.1
DNS

ocsp.digicert.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

ocsp.digicert.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

175.128.216.34.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

175.128.216.34.in-addr.arpa

IN PTR

Response

175.128.216.34.in-addr.arpa

IN PTR

ec2-34-216-128-175 us-west-2compute amazonawscom
DNS

tracking-protection.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

content.govdelivery.com

firefox.exe

Remote address:

8.8.8.8:53

Request

content.govdelivery.com

IN A

Response

content.govdelivery.com

IN CNAME

content.govdelivery.com-v1.edgekey.net

content.govdelivery.com-v1.edgekey.net

IN CNAME

e6276.dscf.akamaiedge.net

e6276.dscf.akamaiedge.net

IN A

104.84.65.154
DNS

e10218.dsca.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e10218.dsca.akamaiedge.net

IN A

Response

e10218.dsca.akamaiedge.net

IN A

104.84.84.54
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.238
DNS

r1.sn-4g5ednde.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-4g5ednde.gvt1.com

IN A

Response

r1.sn-4g5ednde.gvt1.com

IN A

74.125.162.134
DNS

13.227.111.52.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

ctldl.windowsupdate.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

wu.azureedge.net

wu.azureedge.net

IN CNAME

wu.ec.azureedge.net

wu.ec.azureedge.net

IN CNAME

bg.apr-52dd2-0503.edgecastdns.net

bg.apr-52dd2-0503.edgecastdns.net

IN CNAME

hlb.apr-52dd2-0.edgecastdns.net

hlb.apr-52dd2-0.edgecastdns.net

IN CNAME

cs11.wpc.v0cdn.net

cs11.wpc.v0cdn.net

IN A

93.184.221.240
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

lnks.gd

firefox.exe

Remote address:

8.8.8.8:53

Request

lnks.gd

IN AAAA

Response

lnks.gd

IN AAAA

2001:18c8:17f:fc75::d186:90e5
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

public.govdelivery.com

firefox.exe

Remote address:

8.8.8.8:53

Request

public.govdelivery.com

IN A

Response

public.govdelivery.com

IN A

209.134.144.21
DNS

tracking-protection.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

154.65.84.104.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

154.65.84.104.in-addr.arpa

IN PTR

Response

154.65.84.104.in-addr.arpa

IN PTR

a104-84-65-154deploystaticakamaitechnologiescom
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86f3

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:820::200e
DNS

134.162.125.74.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

134.162.125.74.in-addr.arpa

IN PTR

Response

134.162.125.74.in-addr.arpa

IN PTR

fra16s61-in-f61e100net
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

34.216.128.175

shavar.prod.mozaws.net

IN A

52.11.178.236

shavar.prod.mozaws.net

IN A

50.112.167.115
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

34.216.128.175

shavar.prod.mozaws.net

IN A

50.112.167.115

shavar.prod.mozaws.net

IN A

52.11.178.236
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

public.govdelivery.com

firefox.exe

Remote address:

8.8.8.8:53

Request

public.govdelivery.com

IN A

Response

public.govdelivery.com

IN A

209.134.144.21
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

e6276.dscf.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e6276.dscf.akamaiedge.net

IN AAAA

Response

e6276.dscf.akamaiedge.net

IN AAAA

2a02:26f0:fd00:109d::1884

e6276.dscf.akamaiedge.net

IN AAAA

2a02:26f0:fd00:10aa::1884
DNS

54.84.84.104.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

54.84.84.104.in-addr.arpa

IN PTR

Response

54.84.84.104.in-addr.arpa

IN PTR

a104-84-84-54deploystaticakamaitechnologiescom
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.243
DNS

155.134.221.88.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

155.134.221.88.in-addr.arpa

IN PTR

Response

155.134.221.88.in-addr.arpa

IN PTR

a88-221-134-155deploystaticakamaitechnologiescom
DNS

238.187.250.142.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.237.239:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

public.govdelivery.com

firefox.exe

Remote address:

8.8.8.8:53

Request

public.govdelivery.com

IN AAAA

Response

public.govdelivery.com

IN AAAA

2001:18c8:17f:fc75:20:1:1:2
DNS

21.144.134.209.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

21.144.134.209.in-addr.arpa

IN PTR

Response

21.144.134.209.in-addr.arpa

IN PTR

public-dc2govdeliverycom

21.144.134.209.in-addr.arpa

IN PTR

public�D

21.144.134.209.in-addr.arpa

IN PTR

service�D
DNS

www.nhtsa.gov

firefox.exe

Remote address:

8.8.8.8:53

Request

www.nhtsa.gov

IN A

Response

www.nhtsa.gov

IN CNAME

www.nhtsa.gov.edgekey.net

www.nhtsa.gov.edgekey.net

IN CNAME

e10218.dsca.akamaiedge.net

e10218.dsca.akamaiedge.net

IN A

104.84.84.54
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.238
DNS

r1---sn-4g5ednde.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1---sn-4g5ednde.gvt1.com

IN A

Response

r1---sn-4g5ednde.gvt1.com

IN CNAME

r1.sn-4g5ednde.gvt1.com

r1.sn-4g5ednde.gvt1.com

IN A

74.125.162.134
DNS

nexusrules.officeapps.live.com

firefox.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.227.13
DNS

1.173.189.20.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

1.173.189.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

firefox.exe

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Backoff, Content-Type, Content-Length
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Jan 2024 20:03:38 GMT
age: 188
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Backoff, Content-Type, Content-Length
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Jan 2024 20:03:38 GMT
age: 188
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Backoff, Content-Type, Content-Length
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Jan 2024 20:03:38 GMT
age: 188
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221706208810251%22

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Backoff, Content-Type, Content-Length
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Jan 2024 20:03:38 GMT
age: 188
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json

Request

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221706208810251%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Backoff, Content-Type, Content-Length
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Jan 2024 20:03:38 GMT
age: 188
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Backoff, Content-Type, Content-Length
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Jan 2024 20:03:38 GMT
age: 188
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 2376
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Retry-After, Alert, Content-Length
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Thu, 25 Jan 2024 19:16:26 GMT
age: 3020
last-modified: Fri, 19 Jan 2024 00:00:05 GMT
content-type: application/json
last-modified: Thu, 25 Jan 2024 18:53:30 GMT
content-type: application/json
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UvyLsleD79x86vpK6ROwEw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

sec-websocket-accept: 6jof0GWCHU6x+RB1z8nidPWQt+A=
date: Thu, 25 Jan 2024 20:06:44 GMT
Via: 1.1 google
Upgrade: websocket
Connection: Upgrade
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tracking-protection.cdn.mozilla.net/ads-track-digest256/105.0/1684443982

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /ads-track-digest256/105.0/1684443982 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /analytics-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/content-track-digest256/105.0/1684443982

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /content-track-digest256/105.0/1684443982 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /mozstd-trackwhite-digest256/105.0/1684443982 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /google-trackwhite-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-fingerprinting-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-cryptomining-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-facebook-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-linkedin-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-twitter-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-email-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://www.nhtsa.gov/favicon.ico

firefox.exe

Remote address:

104.84.84.54:443

Request

GET /favicon.ico HTTP/2.0
host: www.nhtsa.gov
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://public.govdelivery.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-type: image/x-icon
x-content-type-options: nosniff
last-modified: Sat, 06 May 2023 14:24:58 GMT
cache-control: max-age=1209600
expires: Thu, 08 Feb 2024 12:02:30 GMT
x-request-id: v-9dc81104-bb79-11ee-8618-7368d5e96fae
x-ah-environment: prod
x-cache-hits: 1
x-age: 0
accept-ranges: bytes
content-encoding: gzip
content-length: 637
date: Thu, 25 Jan 2024 20:06:48 GMT
vary: Accept-Encoding
set-cookie: akamai_tls_version=tls1.3; path=/
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /content-email-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

firefox.exe

Remote address:

88.221.134.155:80

Request

GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 16 Nov 2023 07:38:17 GMT
ETag: 85430baed3398695717b0263807cf97c
Content-Length: 453023
Accept-Ranges: bytes
X-Timestamp: 1700120296.01123
Content-Type: application/zip
X-Trans-Id: tx83dabe2b359f4df0880f4-00655605b9dfw1
Cache-Control: public, max-age=92553
Expires: Fri, 26 Jan 2024 21:50:12 GMT
Date: Thu, 25 Jan 2024 20:07:39 GMT
Connection: keep-alive

127.0.0.1:49746

firefox.exe
209.134.144.229:443

lnks.gd

tls

firefox.exe

2.0kB
6.3kB
12
14
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

2.6kB
18.0kB
27
33
34.216.128.175:443

shavar.services.mozilla.com

tls

firefox.exe

2.0kB
5.8kB
10
11
34.117.237.239:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

2.0kB
8.0kB
19
21

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221706208810251%22

tls, http2

firefox.exe

3.4kB
35.7kB
37
49

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221706208810251%22
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.9kB
6.0kB
10
12

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
209.134.144.21:443

public.govdelivery.com

tls

firefox.exe

3.2kB
68.0kB
32
80
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/ads-track-digest256/105.0/1684443982

tls, http2

firefox.exe

2.2kB
64.8kB
23
56

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/ads-track-digest256/105.0/1684443982
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
3.8kB
14
12

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/105.0/1663274228

tls, http2

firefox.exe

2.0kB
12.0kB
17
17

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/content-track-digest256/105.0/1684443982

tls, http2

firefox.exe

1.8kB
17.8kB
13
20

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/content-track-digest256/105.0/1684443982
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982

tls, http2

firefox.exe

5.1kB
348.1kB
84
257

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

1.1kB
4.5kB
10
10
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

2.7kB
41.9kB
33
49
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

6.4kB
231.2kB
109
185
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

11.7kB
381.9kB
206
295
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

firefox.exe

978 B
5.3kB
10
10
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228

tls, http2

firefox.exe

22.5kB
1.5MB
398
1108

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
5.4kB
12
15

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
4.0kB
12
12

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

3.1kB
89.1kB
41
83
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

2.3kB
25.6kB
23
38
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

2.4kB
25.8kB
24
37
104.84.65.154:443

content.govdelivery.com

tls

firefox.exe

2.4kB
25.9kB
24
37
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
2.1kB
12
10

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
1.8kB
12
10

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228
127.0.0.1:49753

firefox.exe
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228

tls, http2

firefox.exe

2.0kB
1.9kB
16
11

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228

tls, http2

firefox.exe

2.1kB
9.0kB
18
17

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228
104.84.84.54:443

https://www.nhtsa.gov/favicon.ico

tls, http2

firefox.exe

2.1kB
8.2kB
20
26

HTTP Request

GET https://www.nhtsa.gov/favicon.ico

HTTP Response

200
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
7.8kB
13
14

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228
35.244.181.201:443

aus5.mozilla.org

tls

firefox.exe

1.9kB
5.8kB
20
20
88.221.134.155:80

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

http

firefox.exe

8.5kB
467.5kB
178
349

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

HTTP Response

200
142.250.187.238:443

redirector.gvt1.com

tls

firefox.exe

1.6kB
9.0kB
16
21
74.125.162.134:443

r1---sn-4g5ednde.gvt1.com

tls

firefox.exe

35.0kB
2.0MB
672
1486
52.111.229.19:443

322 B
7

8.8.8.8:53

lnks.gd

dns

firefox.exe

1.1kB
1.8kB
15
14

DNS Request

lnks.gd

DNS Response

209.134.144.229

DNS Request

lnks.gd

DNS Response

209.134.144.229

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::

DNS Request

shavar.prod.mozaws.net

DNS Request

229.144.134.209.in-addr.arpa

DNS Request

tracking-protection.prod.mozaws.net

DNS Response

34.120.158.37

DNS Request

e6276.dscf.akamaiedge.net

DNS Response

104.84.65.154

DNS Request

e10218.dsca.akamaiedge.net

DNS Response

2a02:26f0:e8:187::27ea

2a02:26f0:e8:1a4::27ea

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.155

88.221.134.243

DNS Request

201.181.244.35.in-addr.arpa

DNS Request

r1.sn-4g5ednde.gvt1.com

DNS Response

2a00:1450:4001:17::6

DNS Request

self.events.data.microsoft.com

DNS Response

20.189.173.1

DNS Request

ocsp.digicert.com

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

891 B
1.7kB
12
12

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

175.128.216.34.in-addr.arpa

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37

DNS Request

content.govdelivery.com

DNS Response

104.84.65.154

DNS Request

e10218.dsca.akamaiedge.net

DNS Response

104.84.84.54

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

redirector.gvt1.com

DNS Response

142.250.187.238

DNS Request

r1.sn-4g5ednde.gvt1.com

DNS Response

74.125.162.134

DNS Request

13.227.111.52.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

93.184.221.240
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

766 B
1.4kB
11
11

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191

DNS Request

lnks.gd

DNS Response

2001:18c8:17f:fc75::d186:90e5

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93

DNS Request

public.govdelivery.com

DNS Response

209.134.144.21

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37

DNS Request

154.65.84.104.in-addr.arpa

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:86f3

2a02:26f0:a1::58dd:869b

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4009:820::200e

DNS Request

134.162.125.74.in-addr.arpa
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

720 B
1.3kB
10
10

DNS Request

shavar.services.mozilla.com

DNS Response

34.216.128.175

52.11.178.236

50.112.167.115

DNS Request

shavar.prod.mozaws.net

DNS Response

34.216.128.175

50.112.167.115

52.11.178.236

DNS Request

contile.services.mozilla.com

DNS Request

public.govdelivery.com

DNS Response

209.134.144.21

DNS Request

tracking-protection.prod.mozaws.net

DNS Request

e6276.dscf.akamaiedge.net

DNS Response

2a02:26f0:fd00:109d::1884

2a02:26f0:fd00:10aa::1884

DNS Request

54.84.84.104.in-addr.arpa

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.155

88.221.134.243

DNS Request

155.134.221.88.in-addr.arpa

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

1.0kB
1.6kB
14
12

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209

DNS Request

autopush.prod.mozaws.net

DNS Request

public.govdelivery.com

DNS Response

2001:18c8:17f:fc75:20:1:1:2

DNS Request

21.144.134.209.in-addr.arpa

DNS Request

www.nhtsa.gov

DNS Response

104.84.84.54

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201

DNS Request

redirector.gvt1.com

DNS Response

142.250.187.238

DNS Request

r1---sn-4g5ednde.gvt1.com

DNS Response

74.125.162.134

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.227.13

DNS Request

1.173.189.20.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa
142.250.187.238:443

redirector.gvt1.com

https

firefox.exe

3.4kB
9.5kB
10
10
74.125.162.134:443

r1---sn-4g5ednde.gvt1.com

https

firefox.exe

1.8kB
6.5kB
5
7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
327KB

MD5
9dcf518a7101ec5a6c7f353fa5462a76

SHA1
a46a56984fba9203741ca37d17c8b1f5d255ed8b

SHA256
97a97dcd526b5af95f05087bc25f7c432e0a49adf8e2bf7c8a6f60ee946a7ffa

SHA512
341ea03d1dabe6d7e38c135197a9924c2f30643e08e59c97788cfea6eb473d6cbac15f2ba10778e7e5938fc072e1974653aa86f037bafa0733eea13e9f73d5b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
caa896f653b535bbb2453aabb2521a6d

SHA1
4f7043140b7df1216db3fe552f4891412f9ba347

SHA256
a59b1a69ba4c39dc8308eb36bfb36f544f8845aef32b30f24f0d9c2e05b5aabb

SHA512
9a7e6aff36e7ce9f715e838301accb8384fb887e348204bcbe303016c8aae7855992f975f268e9ba06be25435a31129907046270b8fd8c0b425b6a526c91ab7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\bookmarkbackups\bookmarks-2024-01-25_11_89l--Wt1R2LXEc2xdxrIng==.jsonlz4

Filesize
939B

MD5
dca540197238ae500d11737a3d6db09d

SHA1
1428be3d7d152c781a4deff78ae8c1a5f498fb74

SHA256
12c3b71dcd23eb2b0fd6be28a568e22ef989de13924bda6861852648c0dec6b2

SHA512
b0e8341bc9a7f5c44fd0edbcca48a194c9730134fffbbc62cca7a08e40e33acab953a031628fbb570fa1e60b8e10a1fb4ba75eea4c87943c045ca2d647bbdbed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9a9171dc8cd9e32ccc96fb350016f413

SHA1
547e0067b9c4aaf5f2d2336e0966071e3b987ac2

SHA256
503c6f118e1875465aa4ff7cc099a11d5287d432ff5e94dfe0865b381867281f

SHA512
c8889fe7a31764dff2d5ebbaa5f7e5b81c85d2aa65308d14ee1bfd2f3bea1a32d08d6f9a88f0885d98cd49bc16484f68ed8f24605d7ba747884e0a1ed12dd576

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\datareporting\glean\pending_pings\12bdd30e-a588-4869-8756-4d3b445f2d5c

Filesize
746B

MD5
ad7d39e3ab58acc9d43e60cc4e110b50

SHA1
c5c3d8ffe80c226523200cc7cddbdf947352c2ab

SHA256
e4a5d64d2223d8a3912aca9d00124f8ddeef9d982a9aa13323609509b552f1ac

SHA512
13c3d2da8fbe8c832794fac40c70b04dad4d6d5ac2c9b13e1b8d424b180995eabcb0789d4c26eb5bb80a12515a31a282a6a99c4bc3752f2888594ff73d7e3519

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\datareporting\glean\pending_pings\4e632e2d-a102-424d-b89a-7425d62ff1d3

Filesize
10KB

MD5
035aaa7ac14a883778b4e742a9654dd7

SHA1
1d8d818027cd0a4546373eba8d3b086091fa0cb4

SHA256
b432aae1001452fc3f70cff0e132b5fbb2f0cd9c6092232b567ac4d5d0dcdeee

SHA512
d4d7be70b34e8c2eea71ebdb07837ed5b496416a1a453630c0c9056b53943770ccd29a8590f2ee4401196fd95f963de159df0ba6981e1c82fb7380333e01d59b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
353KB

MD5
3fe4376a8b4cd1f96240e9f8471a1f07

SHA1
82d3ff03409c9a1bbdcd07f59d7a93e9e22292d1

SHA256
e4f79b5fa37f45e476e601801783731954e0f0ab82917ebbdfde87e615e5a799

SHA512
bcb22602415cdcafb058e3e298a4b08c9da1f7309de9c14b1d75baf13a96902a35a3644dcd7b54d0fcfa32b658ecf1f82e3de02b8b040fba5ad00b7a4286b7b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\prefs-1.js

Filesize
7KB

MD5
f6dcdf21e007712c7bed61d77c44a72f

SHA1
b05cbf81883b09e6f4afe32a63cecf444ea6393f

SHA256
15f5c54b56a14e5372a8086998f5b87d6858e26e11fe5892bf057b92a67854e5

SHA512
0aedc8bcad952ed93dab3a997f1155948046b5c39150b19cef2b15c96a1746932daab6392e20cf38e213aca3b3d734f335eab187a635f284a95ba826bffe3120

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\prefs-1.js

Filesize
7KB

MD5
9c49663ea871bc9c5dbb9cd64b32f97a

SHA1
675a9bb452f5471c9d1c83ee221d5635a0214866

SHA256
314d04eb437421644af409fc9df04cb855527cba2f8ad2834234a485d5e67521

SHA512
b5e1aacc3fd15a8e6501d70307712bc2aa1a0067840f5c0817e94907d61841f95c0f9783ff77aaab9644967e1194a555097460beca0ed9f57cd1622ba8cb1f74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\prefs-1.js

Filesize
6KB

MD5
34f5be32c638778bc535ec9363107890

SHA1
fe2070a35075163d3846cf0e2cab443b4b15f644

SHA256
6279fa43c03114f00c55265150d7289d50e8bd9d8a371e726198540ddcc1ed21

SHA512
abccb432e604738bed8260d8c7a7edbb84eec1d1a241da54223293702fa43ccaefafd374bfdafd3d2e7df37616fb923c37e1f4b9cd4192c3798bcbc72816135a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\prefs.js

Filesize
5KB

MD5
56b3bd9fd7062fd69ef21b483a3bb0e2

SHA1
6f6f04bb2b993b5e912fe97aee62923dc9c6f213

SHA256
5ffb99500c1978969ec7b2ea29a9339f2165148e99cfd9eb192a59760f017633

SHA512
8d9f58e9d9bd4ea5edf5193311414f840b0f4ed502535741371dab7a008c6f0073a34375e718abfb4711f877c31786b0d5659ed663ff2e9b463e77c21dafde36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\prefs.js

Filesize
6KB

MD5
8ec454323f588c9a6479bf06c58a309e

SHA1
637c52ecf4408d64f2d780929049b5696087c112

SHA256
23fbe8b4078eebc668c57b86f9212a25518ca9865c683de32ee66627b2b9634d

SHA512
2b7bbbacab6e6015ea57123166ac6c17406d90a5b6f78ee58b75eb68c670fbf793a7e2e26fc7e329586ab406f1904335b4ce78c86612d1895f8f00f65323f1ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a5db672d0d294c2a48fd42997c1f25d0

SHA1
4052efc1744d92d1b51d99a99d4c32234fbb82d3

SHA256
58e8fb7a2efede4d3f4a37f0ad601ea1cd7c5de61cf4ea4d3b9464eeb1be88ef

SHA512
bc4c71b3d8f4d01a7b2fe5190e942bf11642c2a9e4b38cc2eb4ea23e61cc30f89017c7961d56cbd880af3921522c5886ecc04aff5c2504bac126dff72dd71a71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
efd466bad684fbdedff73846e4e04bf6

SHA1
97115525482f0c33c319a3c867bd90f4063526b5

SHA256
719ed9840c7a7a723f37d1f3278e09efb42f0a45e9769252c7b14186133fe1ca

SHA512
60c94e9a85abb5bc88004dca6004400636ca51bc040c06a8cba345b928a5bf005e202ade4d8e5661a4acd5fcf01c2c79cd13c2add610d76bb410ab5f634c549b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1f7a918b2fe0cd3c01893e9d30e5480d

SHA1
4d1ba5c5b3c5e426a63c70db3bd0cc92eb464f8c

SHA256
e72523a435b3cf1daae76dc7a6796ae010efc4e66543f4cef461ac3cba610b2c

SHA512
bd0b5d7f8a7452b0fdd0367d4a59af827982bd071f8ad537ad30760ca5e43d03f90c6b478469dde101eb89a1787b99ed005a07d9ec51c829dac00e6ad9051df7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
60267c05eb88b782ce451419ae479b77

SHA1
da32791af5adcd59580307e4fa8279871bb09334

SHA256
201cf90dc47c826bbf0a2e8ca14a760ecac5a2329d6fc83bb122ce21e527106e

SHA512
71b68fc685433bc6e6bddda0740b591c69a65bd5176b3833fdd3179a3b8cb030964a44d24feec01a967e079c1cce188edc9c030f21e1350c407edf526ec021b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4uf7yb.default-release\targeting.snapshot.json

Filesize
3KB

MD5
74f5f7eac2bf952e0e313529500ab288

SHA1
5ea0bb054b4442dfc18457f13ea31b2e96fceec1

SHA256
f9f7bcf492b89678dc77d3c96465deb4f885fa50d25761eac566b78df60b50f6

SHA512
74060da80dbd2d7889f819f4c2c2f27cb0d3c146ac8faa0bfc09dc56d8af582439a16706822ad0685ac3e389ad8ec8c5b05c492316f5c4b584c362551fc79676

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request