asyncrat | 0ccce65290f211bd6c32d4b62267149387be9061a66aaf895e605f44c11501d3

Analysis

max time kernel
304s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 16:06 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Gen V1.2.7z
Size

18KB
MD5

d2cb69e5d03e5870167a06d93329abd7
SHA1

2a424c8a83089cba8df5122656756409463b0a1b
SHA256

0ccce65290f211bd6c32d4b62267149387be9061a66aaf895e605f44c11501d3
SHA512

089e92ec5d9249fd856f1380c0578cebed9a7d1b78bc371674ad101ff7e8844322a6453b495fd4a7d403451ede7da65bbd734484c4dfcdeb9c01fd5103889e56
SSDEEP

384:R4nVGxinkoNU8khuMwDYZQLUCROQAtO0PrsIuaAcLU+ZoGwjVU:RWVGckhhuMfZQLD/Ao0luaAQUly

Score

10^/10

asyncrat default discovery persistence privilege_escalation rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

PcgXxmrsqCMH

Attributes

delay
3
install
true
install_file
regergerg.exe
install_folder
%AppData%

aes.plain

1
WoSowGWE5psLSg8TQ9toEV4k8iNwPFu6

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	Roblox Gen V1.2.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 5 IoCs

pid	Process
5264	7z2407-x64.exe
5768	7zFM.exe
3944	7zFM.exe
2740	Roblox Gen V1.2.exe
2484	regergerg.exe

Loads dropped DLL 5 IoCs

pid	Process
3372	Process not Found
3372	Process not Found
3372	Process not Found
3944	7zFM.exe
3372	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2407-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1040	timeout.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Roblox Gen V1.2(1).7z:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier	firefox.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4244	schtasks.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe
2740	Roblox Gen V1.2.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
3340	OpenWith.exe
5668	OpenWith.exe
116	OpenWith.exe
2964	OpenWith.exe
5536	OpenWith.exe
3944	7zFM.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	firefox.exe
Token: SeDebugPrivilege	2024	firefox.exe
Token: SeDebugPrivilege	2024	firefox.exe
Token: SeDebugPrivilege	5264	7z2407-x64.exe
Token: SeDebugPrivilege	5264	7z2407-x64.exe
Token: SeDebugPrivilege	5264	7z2407-x64.exe
Token: SeDebugPrivilege	5264	7z2407-x64.exe
Token: SeDebugPrivilege	5264	7z2407-x64.exe
Token: SeDebugPrivilege	2024	firefox.exe
Token: SeDebugPrivilege	2024	firefox.exe
Token: SeDebugPrivilege	2024	firefox.exe
Token: SeRestorePrivilege	5768	7zFM.exe
Token: 35	5768	7zFM.exe
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	4296	firefox.exe
Token: SeDebugPrivilege	4296	firefox.exe
Token: SeDebugPrivilege	4296	firefox.exe
Token: SeRestorePrivilege	3944	7zFM.exe
Token: 35	3944	7zFM.exe
Token: SeSecurityPrivilege	3944	7zFM.exe
Token: SeDebugPrivilege	2740	Roblox Gen V1.2.exe
Token: SeDebugPrivilege	2484	regergerg.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
3944	7zFM.exe
3944	7zFM.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
3340	OpenWith.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
5264	7z2407-x64.exe
2024	firefox.exe
2024	firefox.exe
2024	firefox.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
5668	OpenWith.exe
116	OpenWith.exe
3984	firefox.exe
4340	OpenWith.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
2964	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 3916	3340	OpenWith.exe	89
PID 3340 wrote to memory of 3916	3340	OpenWith.exe	89
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 3916 wrote to memory of 2024	3916	firefox.exe	91
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 4452	2024	firefox.exe	92
PID 2024 wrote to memory of 3940	2024	firefox.exe	93
PID 2024 wrote to memory of 3940	2024	firefox.exe	93
PID 2024 wrote to memory of 3940	2024	firefox.exe	93
PID 2024 wrote to memory of 3940	2024	firefox.exe	93
PID 2024 wrote to memory of 3940	2024	firefox.exe	93
PID 2024 wrote to memory of 3940	2024	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Roblox Gen V1.2.7z"
1⤵
- Modifies registry class
PID:3448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Roblox Gen V1.2.7z"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Roblox Gen V1.2.7z"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e49e76c-4453-4709-8f4f-58cb1ca23fbb} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" gpu
      4⤵
      PID:4452
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2328 -prefMapHandle 2288 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42c08b2e-af3c-4e7d-bc7f-c418c7c06ab9} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" socket
      4⤵
      Checks processor information in registry
      PID:3940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3356 -prefMapHandle 3060 -prefsLen 26816 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dab7b2a0-3c11-41b9-a159-f35cafb73959} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:2244
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4208 -childID 2 -isForBrowser -prefsHandle 1228 -prefMapHandle 876 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be5a549e-5e63-461a-89b0-816a6c4e7c88} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:3912
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5012 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5016 -prefMapHandle 4980 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0f89606-5657-47ab-9cd4-9734f6f115a1} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" utility
      4⤵
      Checks processor information in registry
      PID:3144
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5412 -prefMapHandle 5028 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a9efea1-df6e-4313-a5a1-bc3b726a22e9} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:5368
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f0bd93f-6acc-4e37-8a58-9dc07795a7a5} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:5380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 5 -isForBrowser -prefsHandle 5764 -prefMapHandle 5768 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2305751f-fcf5-4437-9ebe-9fdee52bcae5} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:5392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2788 -childID 6 -isForBrowser -prefsHandle 2964 -prefMapHandle 3352 -prefsLen 29318 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1257e923-1f85-4d45-a125-4d155543dad2} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:5920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6572 -childID 7 -isForBrowser -prefsHandle 6596 -prefMapHandle 6580 -prefsLen 27251 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8e8cf9c-167f-4ef1-b7e2-0c3dd7f4f27d} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:4252
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 5428 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e26c864-23f3-4237-b5ea-19fbe9a330ea} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:1464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4416 -childID 9 -isForBrowser -prefsHandle 5692 -prefMapHandle 5708 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b58c46f5-f887-4028-a58e-3d44d462aed7} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" tab
      4⤵
      PID:1108
  - - C:\Users\Admin\Downloads\7z2407-x64.exe
      "C:\Users\Admin\Downloads\7z2407-x64.exe"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:5264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5668

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5680
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 24856 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e5dcfb2-72e6-4280-a8c8-d90396b2414b} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" gpu
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2316 -parentBuildID 20240401114208 -prefsHandle 2308 -prefMapHandle 2296 -prefsLen 24856 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {334f3681-2ab8-4056-b3b4-d973339b0af0} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" socket
    3⤵
    - Checks processor information in registry
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 3376 -prefsLen 25355 -prefMapSize 245077 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63509088-5c97-4738-9a3e-3e7191caa2a2} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:5912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3992 -prefsLen 30588 -prefMapSize 245077 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61a8aa21-431e-4319-ae17-0856e1127cff} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 30642 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {739f9611-b7df-4719-8a05-df9649b4e165} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" utility
    3⤵
    - Checks processor information in registry
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 3 -isForBrowser -prefsHandle 3968 -prefMapHandle 5196 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1806a0a-7ea9-47d3-8317-8d416388742b} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:3652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 4 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {098f30e5-e710-427f-a989-a7a6ac747388} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f713121d-0dfb-4cac-b68d-189fb42c9338} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    3⤵
    PID:1128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1844 -prefsLen 24856 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d8a8054-f4ac-4ec6-87a7-4ad7b6ad3e92} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" gpu
    3⤵
    PID:1664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20240401114208 -prefsHandle 2268 -prefMapHandle 2264 -prefsLen 24856 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14290fd1-5c48-4a3a-8bbc-72eaebe8e613} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" socket
    3⤵
    - Checks processor information in registry
    PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3260 -prefsLen 25355 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {132fa0a2-fc95-4870-b51f-680ff2c2422c} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3308 -prefsLen 30588 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20b26218-e719-423f-87c6-9f44d198c906} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4800 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4424 -prefsLen 30642 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cd05dc0-626b-436c-86da-d6c1a91f4e28} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" utility
    3⤵
    - Checks processor information in registry
    PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5216 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79d5f964-1732-47c0-bdb6-d0f2ef116b85} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:3420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b7a158-dac0-40f5-8875-f0d0d6d12507} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:3564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 5 -isForBrowser -prefsHandle 5596 -prefMapHandle 5600 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1c4676-7758-426a-86b4-16282a48e035} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5932 -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 5928 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28590c1b-c0cb-44e8-bdf4-bb3f259e7df2} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:4036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 7 -isForBrowser -prefsHandle 5316 -prefMapHandle 5304 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e544517-2aff-4d19-97bf-58c41832728e} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6352 -childID 8 -isForBrowser -prefsHandle 6360 -prefMapHandle 6308 -prefsLen 27974 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e1264da-55b3-4ded-b128-26d305a8417a} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -childID 9 -isForBrowser -prefsHandle 5060 -prefMapHandle 4788 -prefsLen 28024 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae158e20-7c46-43cb-82d8-91b3b82fd767} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6540 -childID 10 -isForBrowser -prefsHandle 6184 -prefMapHandle 3844 -prefsLen 28024 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e31381cf-173b-4f5c-b83e-325a91bc4001} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:1832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 11 -isForBrowser -prefsHandle 6644 -prefMapHandle 6640 -prefsLen 28024 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {916543d1-438d-43f3-847c-20a007bb0e52} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:3972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6840 -childID 12 -isForBrowser -prefsHandle 6760 -prefMapHandle 6768 -prefsLen 28024 -prefMapSize 245077 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66d9dd18-d735-4ed6-9428-6a73b60b69a8} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" tab
    3⤵
    PID:3860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5536

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Roblox Gen V1.2(1).7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3944

C:\Users\Admin\Desktop\Roblox Gen V1.2.exe
"C:\Users\Admin\Desktop\Roblox Gen V1.2.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2740
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "regergerg" /tr '"C:\Users\Admin\AppData\Roaming\regergerg.exe"' & exit
  2⤵
  PID:4184
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /f /sc onlogon /rl highest /tn "regergerg" /tr '"C:\Users\Admin\AppData\Roaming\regergerg.exe"'
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4244
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpEF7D.tmp.bat""
  2⤵
  PID:4996
- - C:\Windows\SysWOW64\timeout.exe
    timeout 3
    3⤵
    - Delays execution with timeout.exe
    PID:1040
- - C:\Users\Admin\AppData\Roaming\regergerg.exe
    "C:\Users\Admin\AppData\Roaming\regergerg.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2484

Network

DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.188.166:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
GET

https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain

firefox.exe

Remote address:

34.160.144.191:443

Request

GET /chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain HTTP/2.0
host: content-signature-2.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
if-modified-since: Thu, 20 Jun 2024 10:34:55 GMT
if-none-match: "47d6d9d5083484ace8a341375cec41e7"
te: trailers
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

44.238.192.228

shavar.prod.mozaws.net

IN A

52.33.222.107

shavar.prod.mozaws.net

IN A

44.242.121.21
DNS

firefox-api-proxy.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 28965
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sat, 13 Jul 2024 15:28:10 GMT
age: 2385
last-modified: Sat, 13 Jul 2024 14:47:05 GMT
content-type: application/json
last-modified: Sat, 13 Jul 2024 14:47:05 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=0

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?_expected=0 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
POST

https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=124.0&pver=2.2

firefox.exe

Remote address:

44.238.192.228:443

Request

POST /downloads?client=navclient-auto-ffox&appver=124.0&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 582
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Date: Sat, 13 Jul 2024 16:07:27 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

52.33.222.107

shavar.prod.mozaws.net

IN A

44.242.121.21

shavar.prod.mozaws.net

IN A

44.238.192.228
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pcEE+dmL9IqsjLD2T+Ihpg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

sec-websocket-accept: AzdyXN46gfVNamPkVx+MWqbJhig=
date: Sat, 13 Jul 2024 16:07:27 GMT
Via: 1.1 google
Upgrade: websocket
Connection: Upgrade
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

228.192.238.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.192.238.44.in-addr.arpa

IN PTR

Response

228.192.238.44.in-addr.arpa

IN PTR

ec2-44-238-192-228 us-west-2compute amazonawscom
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.180.4
GET

https://www.google.com/search?client=firefox-b-d&q=7+zip

firefox.exe

Remote address:

142.250.180.4:443

Request

GET /search?client=firefox-b-d&q=7+zip HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 429

date: Sat, 13 Jul 2024 16:07:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
content-type: text/html
server: HTTP server (unknown)
content-length: 3166
content-type: text/html
content-length: 3166
GET

https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3D7%2Bzip&q=EgTCbg1GGNHMyrQGIjBwYF5FEN3FLKtPDBlBxhgnGPvIMsqmlfn8VqtzC3IGziKIIEVfZ3oz6KaQZq0Z3OwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

firefox.exe

Remote address:

142.250.180.4:443

Request

GET /sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3D7%2Bzip&q=EgTCbg1GGNHMyrQGIjBwYF5FEN3FLKtPDBlBxhgnGPvIMsqmlfn8VqtzC3IGziKIIEVfZ3oz6KaQZq0Z3OwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: AEC=AVYB7cq6HS8nAYOa0v6OiB_Oq7WwEviZ5z5QHuL9e3AtHr3X4WbM7CijAWI
cookie: __Secure-ENID=21.SE=nZqyvR1XDaiRJXdBq1F4r-26znFa344yejYh-QqBNl-vG4BymITuxVpMgtL3BBHU_dWQ7cWTjtv_IrhTGmwL9akdDAK3-dQiA6G_YhDx2CNxZ0R3je1PBHyMuceVEeAB_vAzU3QxUYot4AH6H5JtqQGsUrc4MqIiL0Ntk1ShGmZw6Ik
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.180.4
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81e::2004
DNS

4.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.180.250.142.in-addr.arpa

IN PTR

Response

4.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f41e100net
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f991e100net

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�H

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�H
DNS

227.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.187.250.142.in-addr.arpa

IN PTR

Response

227.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f31e100net
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

192.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.142.123.92.in-addr.arpa

IN PTR

Response

192.142.123.92.in-addr.arpa

IN PTR

a92-123-142-192deploystaticakamaitechnologiescom
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

location.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

location.services.mozilla.com

IN A

Response

location.services.mozilla.com

IN CNAME

prod.classify-client.prod.webservices.mozgcp.net

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
GET

https://aus5.mozilla.org/update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

firefox.exe

Remote address:

35.244.181.201:443

Request

GET /update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml HTTP/2.0
host: aus5.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cache-control: no-cache
pragma: no-cache
te: trailers
GET

https://aus5.mozilla.org/update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

firefox.exe

Remote address:

35.244.181.201:443

Request

GET /update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml HTTP/2.0
host: aus5.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cache-control: no-cache
pragma: no-cache
te: trailers
GET

https://aus5.mozilla.org/update/3/SystemAddons/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

firefox.exe

Remote address:

35.244.181.201:443

Request

GET /update/3/SystemAddons/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml HTTP/2.0
host: aus5.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cache-control: no-cache
pragma: no-cache
te: trailers
GET

https://aus5.mozilla.org/update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

firefox.exe

Remote address:

35.244.181.201:443

Request

GET /update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml HTTP/2.0
host: aus5.mozilla.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cache-control: no-cache
pragma: no-cache
te: trailers
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN A

Response

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN AAAA

Response
GET

https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain

firefox.exe

Remote address:

34.160.144.191:443

Request

GET /chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain HTTP/2.0
host: content-signature-2.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
GET

https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain

firefox.exe

Remote address:

34.160.144.191:443

Request

GET /chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain HTTP/2.0
host: content-signature-2.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

172.217.169.46
GET

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

firefox.exe

Remote address:

88.221.134.209:80

Request

GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Wed, 10 Apr 2024 18:35:32 GMT
ETag: 09372174e83dbbf696ee732fd2e875bb
Content-Length: 491284
Accept-Ranges: bytes
X-Timestamp: 1712774131.24210
Content-Type: application/zip
X-Trans-Id: tx0cd7e3822da94e8e8858c-0066280e63dfw1
Cache-Control: public, max-age=107403
Expires: Sun, 14 Jul 2024 21:57:59 GMT
Date: Sat, 13 Jul 2024 16:07:56 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
GET

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

firefox.exe

Remote address:

172.217.169.46:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
host: redirector.gvt1.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

172.217.169.46
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:818::200e
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:818::200e
DNS

r1---sn-aigzrnsr.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1---sn-aigzrnsr.gvt1.com

IN A

Response

r1---sn-aigzrnsr.gvt1.com

IN CNAME

r1.sn-aigzrnsr.gvt1.com

r1.sn-aigzrnsr.gvt1.com

IN A

74.125.175.38
GET

https://r1---sn-aigzrnsr.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1720886186&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

firefox.exe

Remote address:

74.125.175.38:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1720886186&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com HTTP/1.1
Host: r1---sn-aigzrnsr.gvt1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 14485862
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "1d3918c"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Sat, 13 Jul 2024 13:09:33 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Vary: Origin
DNS

r1.sn-aigzrnsr.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsr.gvt1.com

IN A

Response

r1.sn-aigzrnsr.gvt1.com

IN A

74.125.175.38
DNS

r1.sn-aigzrnsr.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsr.gvt1.com

IN AAAA

Response

r1.sn-aigzrnsr.gvt1.com

IN AAAA

2a00:1450:4009:17::6
DNS

216.72.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.72.190.35.in-addr.arpa

IN PTR

Response

216.72.190.35.in-addr.arpa

IN PTR

2167219035bcgoogleusercontentcom
DNS

216.72.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.72.190.35.in-addr.arpa

IN PTR

Response

216.72.190.35.in-addr.arpa

IN PTR

2167219035bcgoogleusercontentcom
DNS

209.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.134.221.88.in-addr.arpa

IN PTR

Response

209.134.221.88.in-addr.arpa

IN PTR

a88-221-134-209deploystaticakamaitechnologiescom
DNS

209.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.134.221.88.in-addr.arpa

IN PTR

Response

209.134.221.88.in-addr.arpa

IN PTR

a88-221-134-209deploystaticakamaitechnologiescom
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

38.175.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.175.125.74.in-addr.arpa

IN PTR

Response

38.175.125.74.in-addr.arpa

IN PTR

lhr48s38-in-f61e100net
DNS

38.175.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.175.125.74.in-addr.arpa

IN PTR

Response

38.175.125.74.in-addr.arpa

IN PTR

lhr48s38-in-f61e100net
DNS

46.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.169.217.172.in-addr.arpa

IN PTR

Response

46.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f141e100net
DNS

46.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.169.217.172.in-addr.arpa

IN PTR

Response

46.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f141e100net
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

7-zip.org

firefox.exe

Remote address:

8.8.8.8:53

Request

7-zip.org

IN A

Response

7-zip.org

IN A

49.12.202.237
GET

http://7-zip.org/

firefox.exe

Remote address:

49.12.202.237:80

Request

GET / HTTP/1.1
Host: 7-zip.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response

HTTP/1.1 301 Moved Permanently

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 13 Jul 2024 16:08:33 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://7-zip.org/
DNS

7-zip.org

firefox.exe

Remote address:

8.8.8.8:53

Request

7-zip.org

IN A

Response

7-zip.org

IN A

49.12.202.237
DNS

7-zip.org

firefox.exe

Remote address:

8.8.8.8:53

Request

7-zip.org

IN AAAA

Response
GET

https://7-zip.org/

firefox.exe

Remote address:

49.12.202.237:443

Request

GET / HTTP/1.1
Host: 7-zip.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 13 Jul 2024 16:08:33 GMT
Content-Type: text/html
Last-Modified: Wed, 19 Jun 2024 09:26:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6672a44f-1d40"
Content-Encoding: gzip
GET

https://7-zip.org/style.css

firefox.exe

Remote address:

49.12.202.237:443

Request

GET /style.css HTTP/1.1
Host: 7-zip.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7-zip.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 13 Jul 2024 16:08:33 GMT
Content-Type: text/css
Content-Length: 1005
Last-Modified: Sat, 08 Jun 2024 07:40:29 GMT
Connection: keep-alive
ETag: "66640aed-3ed"
Accept-Ranges: bytes
GET

https://7-zip.org/7ziplogo.png

firefox.exe

Remote address:

49.12.202.237:443

Request

GET /7ziplogo.png HTTP/1.1
Host: 7-zip.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7-zip.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 13 Jul 2024 16:08:33 GMT
Content-Type: image/png
Content-Length: 1417
Last-Modified: Tue, 27 Sep 2022 13:14:27 GMT
Connection: keep-alive
ETag: "6332f733-589"
Accept-Ranges: bytes
GET

https://7-zip.org/favicon.ico

firefox.exe

Remote address:

49.12.202.237:443

Request

GET /favicon.ico HTTP/1.1
Host: 7-zip.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7-zip.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 13 Jul 2024 16:08:33 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Tue, 27 Sep 2022 13:14:27 GMT
Connection: keep-alive
ETag: "6332f733-13e"
Accept-Ranges: bytes
DNS

237.202.12.49.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.202.12.49.in-addr.arpa

IN PTR

Response

237.202.12.49.in-addr.arpa

IN PTR

static2372021249clientsyour-serverde
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221720882632032%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221720882632032%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
GET

https://7-zip.org/a/7z2407-x64.exe

firefox.exe

Remote address:

49.12.202.237:443

Request

GET /a/7z2407-x64.exe HTTP/1.1
Host: 7-zip.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7-zip.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

Response

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 13 Jul 2024 16:09:20 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://github.com/ip7z/7zip/releases/download/24.07/7z2407-x64.exe
DNS

github.com

firefox.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

firefox.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/ip7z/7zip/releases/download/24.07/7z2407-x64.exe

firefox.exe

Remote address:

20.26.156.215:443

Request

GET /ip7z/7zip/releases/download/24.07/7z2407-x64.exe HTTP/2.0
host: github.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://7-zip.org/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 302

server: GitHub.com
date: Sat, 13 Jul 2024 16:09:20 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/466446150/031b16d5-30d3-42fe-a8aa-4e9b7d7c7f20?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240713T160920Z&X-Amz-Expires=300&X-Amz-Signature=56006e4dd5f52b9d069beae9de9978bbbb00ccffd0e7b5b6585847b6081dd384&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=466446150&response-content-disposition=attachment%3B%20filename%3D7z2407-x64.exe&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: C400:1D345A:4A7C71:562492:6692A6B0
DNS

github.com

firefox.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

firefox.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

firefox.exe

Remote address:

8.8.8.8:53

Request

github.com

IN AAAA

Response
DNS

objects.githubusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.110.133
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/466446150/031b16d5-30d3-42fe-a8aa-4e9b7d7c7f20?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240713T160920Z&X-Amz-Expires=300&X-Amz-Signature=56006e4dd5f52b9d069beae9de9978bbbb00ccffd0e7b5b6585847b6081dd384&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=466446150&response-content-disposition=attachment%3B%20filename%3D7z2407-x64.exe&response-content-type=application%2Foctet-stream

firefox.exe

Remote address:

185.199.109.133:443

Request

GET /github-production-release-asset-2e65be/466446150/031b16d5-30d3-42fe-a8aa-4e9b7d7c7f20?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240713T160920Z&X-Amz-Expires=300&X-Amz-Signature=56006e4dd5f52b9d069beae9de9978bbbb00ccffd0e7b5b6585847b6081dd384&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=466446150&response-content-disposition=attachment%3B%20filename%3D7z2407-x64.exe&response-content-type=application%2Foctet-stream HTTP/2.0
host: objects.githubusercontent.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://7-zip.org/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 200

content-type: application/octet-stream
last-modified: Wed, 19 Jun 2024 10:41:59 GMT
etag: "0x8DC904C7281D786"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d9aa0710-801e-0024-4b36-c217f5000000
x-ms-version: 2020-10-02
x-ms-creation-time: Wed, 19 Jun 2024 10:41:59 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=7z2407-x64.exe
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 13 Jul 2024 16:09:20 GMT
age: 3048
x-served-by: cache-iad-kjyo7100102-IAD, cache-lcy-eglc8600059-LCY
x-cache: HIT, HIT
x-cache-hits: 349538, 1
x-timer: S1720886961.666446,VS0,VE320
content-length: 1620576
DNS

objects.githubusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.109.133
DNS

objects.githubusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.108.133
DNS

objects.githubusercontent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN AAAA

Response
DNS

133.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.109.199.185.in-addr.arpa

IN PTR

Response

133.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-133githubcom
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 222TQ9qrLvehk3NmcS0QEg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

sec-websocket-accept: P5o4lUSwRQYFbOH1dscTwwAp+yU=
date: Sat, 13 Jul 2024 16:10:11 GMT
Via: 1.1 google
Upgrade: websocket
Connection: Upgrade
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QYvBzxiaBauNBFK7gSS6dw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

sec-websocket-accept: ZAhj+7HZS17f7lVLp3ufcmdHr4E=
date: Sat, 13 Jul 2024 16:10:42 GMT
Via: 1.1 google
Upgrade: websocket
Connection: Upgrade
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

7-zip.org

firefox.exe

Remote address:

8.8.8.8:53

Request

7-zip.org

IN AAAA

Response
GET

https://www.google.com/search?client=firefox-b-d&q=codedpad

firefox.exe

Remote address:

142.250.180.4:443

Request

GET /search?client=firefox-b-d&q=codedpad HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
alt-used: www.google.com
cookie: AEC=AVYB7cq6HS8nAYOa0v6OiB_Oq7WwEviZ5z5QHuL9e3AtHr3X4WbM7CijAWI
cookie: __Secure-ENID=21.SE=nZqyvR1XDaiRJXdBq1F4r-26znFa344yejYh-QqBNl-vG4BymITuxVpMgtL3BBHU_dWQ7cWTjtv_IrhTGmwL9akdDAK3-dQiA6G_YhDx2CNxZ0R3je1PBHyMuceVEeAB_vAzU3QxUYot4AH6H5JtqQGsUrc4MqIiL0Ntk1ShGmZw6Ik
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A

Response

support.mozilla.org

IN CNAME

prod.sumo.prod.webservices.mozgcp.net

prod.sumo.prod.webservices.mozgcp.net

IN CNAME

us-west1.prod.sumo.prod.webservices.mozgcp.net

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

us-west1.prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

Response

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

us-west1.prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

codedpad.com

firefox.exe

Remote address:

8.8.8.8:53

Request

codedpad.com

IN A

Response

codedpad.com

IN A

172.67.129.236

codedpad.com

IN A

104.21.1.208
GET

http://codedpad.com/

firefox.exe

Remote address:

172.67.129.236:80

Request

GET / HTTP/1.1
Host: codedpad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 13 Jul 2024 16:11:16 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 13 Jul 2024 17:11:16 GMT
Location: https://codedpad.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZ%2FHS8wLe23mRuZ0H%2F%2B4PmtkD%2FREFNhqiFd0ke0vVxTH6p6lw7gwiDm3mK33lAVwCLlfk%2BGSR7psVZoJCE27waMRsGD%2BxD8fpPsNoV3MBOq97Ukf2yihzj%2BOBQcU%2BIc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8a2a8c41786b955d-LHR
alt-svc: h2=":443"; ma=60
DNS

codedpad.com

firefox.exe

Remote address:

8.8.8.8:53

Request

codedpad.com

IN A

Response

codedpad.com

IN A

104.21.1.208

codedpad.com

IN A

172.67.129.236
DNS

codedpad.com

firefox.exe

Remote address:

8.8.8.8:53

Request

codedpad.com

IN AAAA

Response

codedpad.com

IN AAAA

2606:4700:3032::ac43:81ec

codedpad.com

IN AAAA

2606:4700:3037::6815:1d0
GET

https://codedpad.com/

firefox.exe

Remote address:

172.67.129.236:443

Request

GET / HTTP/2.0
host: codedpad.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 301

date: Sat, 13 Jul 2024 16:11:16 GMT
content-type: text/html
content-length: 167
location: https://www.codedpad.com/
cache-control: max-age=3600
expires: Sat, 13 Jul 2024 17:11:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwj7s3S6UhPt0sbHKiGwMY958n4X0%2BJwDbRe%2BjcH2MLApYTrF6mDRYUEbN7GxDqdhHaU%2B2s9fnQISaEqQitJZZIUn4cOiCZf%2Bq4iXO8k5xkElUf3w%2FfbJ8YGXun39Cw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a2a8c422b1163a0-LHR
alt-svc: h3=":443"; ma=86400
DNS

www.codedpad.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.codedpad.com

IN A

Response

www.codedpad.com

IN A

104.21.1.208

www.codedpad.com

IN A

172.67.129.236
DNS

www.codedpad.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.codedpad.com

IN A

Response

www.codedpad.com

IN A

172.67.129.236

www.codedpad.com

IN A

104.21.1.208
DNS

www.codedpad.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.codedpad.com

IN A

Response

www.codedpad.com

IN A

172.67.129.236

www.codedpad.com

IN A

104.21.1.208
DNS

www.codedpad.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.codedpad.com

IN AAAA

Response

www.codedpad.com

IN AAAA

2606:4700:3037::6815:1d0

www.codedpad.com

IN AAAA

2606:4700:3032::ac43:81ec
DNS

236.129.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

236.129.67.172.in-addr.arpa

IN PTR

Response
DNS

208.1.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.1.21.104.in-addr.arpa

IN PTR

Response
DNS

ajax.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.180.10
GET

https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

firefox.exe

Remote address:

142.250.180.10:443

Request

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

ajax.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

216.58.201.106
DNS

ajax.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN AAAA

Response

ajax.googleapis.com

IN AAAA

2a00:1450:4009:820::200a
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-7B6TPGBSVJ&gtm=45je4790v9116089525z89116081765za200zb9116081765&_p=1720887076498&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=945553925.1720887077&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_s=1&sid=1720887077&sct=1&seg=0&dl=https%3A%2F%2Fwww.codedpad.com%2F&dt=Encrypted%20online%20notepad%20for%20secret%20and%20secure%20notes.%20Encrypt%20and%20keep%20private%20notes%20with%20password.%20%7C%20Coded%20Pad%E2%84%A2&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1577&_z=fetch

firefox.exe

Remote address:

216.239.32.36:443

Request

POST /g/collect?v=2&tid=G-7B6TPGBSVJ&gtm=45je4790v9116089525z89116081765za200zb9116081765&_p=1720887076498&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=945553925.1720887077&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_s=1&sid=1720887077&sct=1&seg=0&dl=https%3A%2F%2Fwww.codedpad.com%2F&dt=Encrypted%20online%20notepad%20for%20secret%20and%20secure%20notes.%20Encrypt%20and%20keep%20private%20notes%20with%20password.%20%7C%20Coded%20Pad%E2%84%A2&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1577&_z=fetch HTTP/2.0
host: region1.google-analytics.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
origin: https://www.codedpad.com
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
pragma: no-cache
cache-control: no-cache
content-length: 0
te: trailers
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN AAAA

Response

region1.google-analytics.com

IN AAAA

2001:4860:4802:32::36

region1.google-analytics.com

IN AAAA

2001:4860:4802:34::36
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN AAAA

Response

region1.google-analytics.com

IN AAAA

2001:4860:4802:34::36

region1.google-analytics.com

IN AAAA

2001:4860:4802:32::36
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

72.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.169.217.172.in-addr.arpa

IN PTR

Response

72.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f81e100net
DNS

226.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.187.250.142.in-addr.arpa

IN PTR

Response

226.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f21e100net
DNS

36.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.32.239.216.in-addr.arpa

IN PTR

Response
DNS

fundingchoicesmessages.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.169.78
DNS

fundingchoicesmessages.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.169.78
GET

https://fundingchoicesmessages.google.com/i/ca-pub-6818625889483991?href=https%3A%2F%2Fwww.codedpad.com&ers=2

firefox.exe

Remote address:

172.217.169.78:443

Request

GET /i/ca-pub-6818625889483991?href=https%3A%2F%2Fwww.codedpad.com&ers=2 HTTP/2.0
host: fundingchoicesmessages.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN A

Response

www3.l.google.com

IN A

172.217.169.78
DNS

www3.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www3.l.google.com

IN AAAA

Response

www3.l.google.com

IN AAAA

2a00:1450:4009:819::200e
DNS

78.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.169.217.172.in-addr.arpa

IN PTR

Response

78.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f141e100net
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H
DNS

googleads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.180.2
GET

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&gdpr_consent=CQBsaMAQBsaMAEsACBENA9EoAP_gAEPgACiQINJB7C7FbSFCwH5zaLsAMAhHRsAAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQIECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgCAAAAAAAAAAAAAAAAAAQOhSD2F2K2kKFkPCmwXYAYBCujYAAhQgAAAkCBMACgAUgQAgFJIAgCIFAAAAAAAAAQEiCQAAQABAAAIACgAAAAAAIAAAAAAAQQAABAAIAAAAAAAAEAAAAIAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~70.89.93.108.122.149.196.236.259.311.313.323.358.415.449.486.494.495.540.574.609.827.864.981.1029.1048.1051.1095.1097.1126.1205.1276.1301.1365.1415.1423.1449.1514.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958.2072.2253.2299.2357.2373.2415.2506.2526.2568.2571.2575.2624.2677~dv.&client=ca-pub-6818625889483991&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720887079&plaf=2%3A2&plat=1%3A1024%2C2%3A1024%2C3%3A2097152%2C4%3A2097152%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.codedpad.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=28~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=28~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=28_16~27_8~29_10~30_19&aiixl=28_4~27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&dt=1720887077007&bpp=4&bdt=516&idt=284&shv=r20240709&mjsv=m202407090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=900x280&nras=1&correlator=644004134330&frm=20&pv=1&ga_vid=945553925.1720887077&ga_sid=1720887079&ga_hid=2008867700&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=595&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31085139%2C31085211%2C44795921%2C95334511%2C95334527%2C95334579%2C95334828%2C95337026%2C95337065%2C31084678%2C95337094&oid=2&pvsid=2835158087758255&tmod=573852419&uas=3&nvt=1&fsapi=1&fc=896&brdim=-8%2C-8%2C-8%2C-8%2C1280%2C0%2C1296%2C696%2C1280%2C595&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.01&ifi=2&uci=a!2&fsb=1&dtd=2254

firefox.exe

Remote address:

142.250.180.2:443

Request

GET /pagead/ads?gdpr=1&gdpr_consent=CQBsaMAQBsaMAEsACBENA9EoAP_gAEPgACiQINJB7C7FbSFCwH5zaLsAMAhHRsAAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQIECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgCAAAAAAAAAAAAAAAAAAQOhSD2F2K2kKFkPCmwXYAYBCujYAAhQgAAAkCBMACgAUgQAgFJIAgCIFAAAAAAAAAQEiCQAAQABAAAIACgAAAAAAIAAAAAAAQQAABAAIAAAAAAAAEAAAAIAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~70.89.93.108.122.149.196.236.259.311.313.323.358.415.449.486.494.495.540.574.609.827.864.981.1029.1048.1051.1095.1097.1126.1205.1276.1301.1365.1415.1423.1449.1514.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958.2072.2253.2299.2357.2373.2415.2506.2526.2568.2571.2575.2624.2677~dv.&client=ca-pub-6818625889483991&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720887079&plaf=2%3A2&plat=1%3A1024%2C2%3A1024%2C3%3A2097152%2C4%3A2097152%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.codedpad.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=28~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=28~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=28_16~27_8~29_10~30_19&aiixl=28_4~27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&dt=1720887077007&bpp=4&bdt=516&idt=284&shv=r20240709&mjsv=m202407090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=900x280&nras=1&correlator=644004134330&frm=20&pv=1&ga_vid=945553925.1720887077&ga_sid=1720887079&ga_hid=2008867700&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=595&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31085139%2C31085211%2C44795921%2C95334511%2C95334527%2C95334579%2C95334828%2C95337026%2C95337065%2C31084678%2C95337094&oid=2&pvsid=2835158087758255&tmod=573852419&uas=3&nvt=1&fsapi=1&fc=896&brdim=-8%2C-8%2C-8%2C-8%2C1280%2C0%2C1296%2C696%2C1280%2C595&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.01&ifi=2&uci=a!2&fsb=1&dtd=2254 HTTP/2.0
host: googleads.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
GET

https://googleads.g.doubleclick.net/pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html

firefox.exe

Remote address:

142.250.180.2:443

Request

GET /pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html HTTP/2.0
host: googleads.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
GET

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&gdpr_consent=CQBsaMAQBsaMAEsACBENA9EoAP_gAEPgACiQINJB7C7FbSFCwH5zaLsAMAhHRsAAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQIECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgCAAAAAAAAAAAAAAAAAAQOhSD2F2K2kKFkPCmwXYAYBCujYAAhQgAAAkCBMACgAUgQAgFJIAgCIFAAAAAAAAAQEiCQAAQABAAAIACgAAAAAAIAAAAAAAQQAABAAIAAAAAAAAEAAAAIAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~70.89.93.108.122.149.196.236.259.311.313.323.358.415.449.486.494.495.540.574.609.827.864.981.1029.1048.1051.1095.1097.1126.1205.1276.1301.1365.1415.1423.1449.1514.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958.2072.2253.2299.2357.2373.2415.2506.2526.2568.2571.2575.2624.2677~dv.&client=ca-pub-6818625889483991&output=html&h=280&slotname=1836264669&adk=1623672502&adf=4029756731&pi=t.ma~as.1836264669&w=900&abgtt=3&fwrn=4&fwrnh=100&lmt=1720887079&rafmt=1&format=900x280&url=https%3A%2F%2Fwww.codedpad.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1720887077007&bpp=2&bdt=516&idt=262&shv=r20240709&mjsv=m202407090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=644004134330&frm=20&pv=2&ga_vid=945553925.1720887077&ga_sid=1720887079&ga_hid=2008867700&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=510&biw=1263&bih=595&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31085139%2C31085211%2C44795921%2C95334511%2C95334527%2C95334579%2C95334828%2C95337026%2C95337065%2C31084678%2C95337094&oid=2&pvsid=2835158087758255&tmod=573852419&uas=3&nvt=1&fc=896&brdim=-8%2C-8%2C-8%2C-8%2C1280%2C0%2C1296%2C696%2C1280%2C595&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&bz=1.01&ifi=1&uci=a!1&fsb=1&dtd=2241

firefox.exe

Remote address:

142.250.180.2:443

Request

GET /pagead/ads?gdpr=1&gdpr_consent=CQBsaMAQBsaMAEsACBENA9EoAP_gAEPgACiQINJB7C7FbSFCwH5zaLsAMAhHRsAAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQIECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgCAAAAAAAAAAAAAAAAAAQOhSD2F2K2kKFkPCmwXYAYBCujYAAhQgAAAkCBMACgAUgQAgFJIAgCIFAAAAAAAAAQEiCQAAQABAAAIACgAAAAAAIAAAAAAAQQAABAAIAAAAAAAAEAAAAIAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~70.89.93.108.122.149.196.236.259.311.313.323.358.415.449.486.494.495.540.574.609.827.864.981.1029.1048.1051.1095.1097.1126.1205.1276.1301.1365.1415.1423.1449.1514.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958.2072.2253.2299.2357.2373.2415.2506.2526.2568.2571.2575.2624.2677~dv.&client=ca-pub-6818625889483991&output=html&h=280&slotname=1836264669&adk=1623672502&adf=4029756731&pi=t.ma~as.1836264669&w=900&abgtt=3&fwrn=4&fwrnh=100&lmt=1720887079&rafmt=1&format=900x280&url=https%3A%2F%2Fwww.codedpad.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1720887077007&bpp=2&bdt=516&idt=262&shv=r20240709&mjsv=m202407090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=644004134330&frm=20&pv=2&ga_vid=945553925.1720887077&ga_sid=1720887079&ga_hid=2008867700&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=510&biw=1263&bih=595&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31085139%2C31085211%2C44795921%2C95334511%2C95334527%2C95334579%2C95334828%2C95337026%2C95337065%2C31084678%2C95337094&oid=2&pvsid=2835158087758255&tmod=573852419&uas=3&nvt=1&fc=896&brdim=-8%2C-8%2C-8%2C-8%2C1280%2C0%2C1296%2C696%2C1280%2C595&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&bz=1.01&ifi=1&uci=a!1&fsb=1&dtd=2241 HTTP/2.0
host: googleads.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
DNS

googleads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.180.2
DNS

googleads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN AAAA

Response

googleads.g.doubleclick.net

IN AAAA

2a00:1450:4009:817::2002
DNS

tpc.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.250.178.1
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

firefox.exe

Remote address:

142.250.178.1:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

firefox.exe

Remote address:

142.250.178.1:443

Request

GET /sodar/sodar2/225/runner.html HTTP/2.0
host: tpc.googlesyndication.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
DNS

tpc.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.250.178.1
DNS

tpc.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN AAAA

Response

tpc.googlesyndication.com

IN AAAA

2a00:1450:4009:815::2001
GET

https://www.google.com/recaptcha/api2/aframe

firefox.exe

Remote address:

142.250.180.4:443

Request

GET /recaptcha/api2/aframe HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.codedpad.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
DNS

2.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.180.250.142.in-addr.arpa

IN PTR

Response

2.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f21e100net
DNS

1.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.178.250.142.in-addr.arpa

IN PTR

Response

1.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f11e100net
DNS

1.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.178.250.142.in-addr.arpa

IN PTR

Response

1.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f11e100net
DNS

cdn.discordapp.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN A

Response

cdn.discordapp.com

IN A

162.159.130.233

cdn.discordapp.com

IN A

162.159.134.233

cdn.discordapp.com

IN A

162.159.133.233

cdn.discordapp.com

IN A

162.159.129.233

cdn.discordapp.com

IN A

162.159.135.233
GET

https://cdn.discordapp.com/attachments/1261685759107403860/1261691864415998087/Roblox_Gen_V1.2.7z?ex=6693e19d&is=6692901d&hm=b30d39266087d766fdfdb497233be20b62fc9bdbca4d76eaef075b3841ecc611&

firefox.exe

Remote address:

162.159.130.233:443

Request

GET /attachments/1261685759107403860/1261691864415998087/Roblox_Gen_V1.2.7z?ex=6693e19d&is=6692901d&hm=b30d39266087d766fdfdb497233be20b62fc9bdbca4d76eaef075b3841ecc611& HTTP/2.0
host: cdn.discordapp.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 200

date: Sat, 13 Jul 2024 16:11:35 GMT
content-type: application/x-7z-compressed
content-length: 19106
cf-ray: 8a2a8cb8bf7a6331-LHR
cf-cache-status: HIT
accept-ranges: bytes, bytes
age: 2440
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Roblox_Gen_V1.2.7z"; filename*=UTF-8''Roblox%20Gen%20V1.2.7z
etag: "d2cb69e5d03e5870167a06d93329abd7"
expires: Sun, 13 Jul 2025 16:11:35 GMT
last-modified: Sat, 13 Jul 2024 14:33:01 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1720881181636239
x-goog-hash: crc32c=d8NzFQ==
x-goog-hash: md5=0stp5dA+WHAWegbZMymr1w==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 19106
x-guploader-uploadid: ACJd0NqJlc_iAptHfrxVjJQqwzzKsPiNWjJaVdKMzolTSh_uijNnlA83KgvEssbZGefXdJf4F3CP9V9TDQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=.nNKEm8BQ8jZhRCXHkmfmQyGMAbLwjp1Yu9WmZ0QVGQ-1720887095-1.0.1.1-0uWjjkZDDT7zYGDKKPnrnbV0FneUEGNcCh0LH0cnoyKig.vzTWIA3.8Dvle6UklFSRNRNRqanm5gc3ZHVWr2Fg; path=/; expires=Sat, 13-Jul-24 16:41:35 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v3QpHSOa9raQRuiUv1Mmm1KGDDv0ShAWnnK7azFlblwTVJImw9l5Du7V9zebG7htFsq9e4tum%2FNIZkbTNHz9VM40yStGhZMREEju%2Fiy%2BFmadtUf26K2VavpsoxlxPt85IBDPAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=dMzcMGkeuEO2slxSx8JwghuIVh2_eLJ2Nls_9qme284-1720887095183-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
DNS

cdn.discordapp.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN A

Response

cdn.discordapp.com

IN A

162.159.135.233

cdn.discordapp.com

IN A

162.159.130.233

cdn.discordapp.com

IN A

162.159.129.233

cdn.discordapp.com

IN A

162.159.134.233

cdn.discordapp.com

IN A

162.159.133.233
DNS

cdn.discordapp.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN AAAA

Response
DNS

233.130.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.130.159.162.in-addr.arpa

IN PTR

Response
DNS

215.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.143.182.52.in-addr.arpa

IN PTR

Response

127.0.0.1:49514

firefox.exe
127.0.0.1:49522

firefox.exe
34.117.188.166:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

2.1kB
12.7kB
18
21

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.160.144.191:443

https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain

tls, http2

firefox.exe

1.8kB
4.2kB
18
15

HTTP Request

GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=0

tls, http2

firefox.exe

2.8kB
35.3kB
29
37

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=0

HTTP Response

200
44.238.192.228:443

https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=124.0&pver=2.2

tls, http

firefox.exe

2.4kB
3.7kB
10
9

HTTP Request

POST https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=124.0&pver=2.2

HTTP Response

200
34.107.243.93:443

push.services.mozilla.com

tls, http2

firefox.exe

1.8kB
4.3kB
16
13
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

2.7kB
1.8kB
13
14

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
142.250.180.4:443

www.google.com

tls, http2

firefox.exe

1.4kB
5.1kB
10
9
142.250.180.4:443

https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3D7%2Bzip&q=EgTCbg1GGNHMyrQGIjBwYF5FEN3FLKtPDBlBxhgnGPvIMsqmlfn8VqtzC3IGziKIIEVfZ3oz6KaQZq0Z3OwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

firefox.exe

2.7kB
11.0kB
20
27

HTTP Request

GET https://www.google.com/search?client=firefox-b-d&q=7+zip

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fclient%3Dfirefox-b-d%26q%3D7%2Bzip&q=EgTCbg1GGNHMyrQGIjBwYF5FEN3FLKtPDBlBxhgnGPvIMsqmlfn8VqtzC3IGziKIIEVfZ3oz6KaQZq0Z3OwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

HTTP Response

429
34.149.100.209:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.1kB
3.9kB
12
10
35.244.181.201:443

https://aus5.mozilla.org/update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

tls, http2

firefox.exe

2.6kB
7.5kB
25
30

HTTP Request

GET https://aus5.mozilla.org/update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

HTTP Request

GET https://aus5.mozilla.org/update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

HTTP Request

GET https://aus5.mozilla.org/update/3/SystemAddons/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml

HTTP Request

GET https://aus5.mozilla.org/update/3/GMP/124.0.2/20240401114208/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19041.1288%2520(x64)/default/default/update.xml
35.244.181.201:443

aus5.mozilla.org

tls, http2

firefox.exe

1.0kB
4.2kB
11
10
35.244.181.201:443

aus5.mozilla.org

tls, http2

firefox.exe

1.0kB
4.2kB
12
10
34.160.144.191:443

https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain

tls, http2

firefox.exe

2.3kB
16.0kB
26
27

HTTP Request

GET https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain

HTTP Request

GET https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls, http2

firefox.exe

1.0kB
3.8kB
11
10
88.221.134.209:80

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

http

firefox.exe

9.6kB
506.7kB
189
373

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

HTTP Response

200
172.217.169.46:443

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

tls, http2

firefox.exe

1.5kB
8.7kB
16
19

HTTP Request

GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
74.125.175.38:443

https://r1---sn-aigzrnsr.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1720886186&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

tls, http

firefox.exe

406.0kB
15.0MB
6468
10743

HTTP Request

GET https://r1---sn-aigzrnsr.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1720886186&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

HTTP Response

200
49.12.202.237:80

http://7-zip.org/

http

firefox.exe

757 B
656 B
9
6

HTTP Request

GET http://7-zip.org/

HTTP Response

301
49.12.202.237:80

7-zip.org

firefox.exe

190 B
92 B
4
2
49.12.202.237:443

https://7-zip.org/favicon.ico

tls, http

firefox.exe

3.3kB
10.5kB
20
21

HTTP Request

GET https://7-zip.org/

HTTP Response

200

HTTP Request

GET https://7-zip.org/style.css

HTTP Response

200

HTTP Request

GET https://7-zip.org/7ziplogo.png

HTTP Response

200

HTTP Request

GET https://7-zip.org/favicon.ico

HTTP Response

200
49.12.202.237:443

7-zip.org

tls

firefox.exe

1.3kB
615 B
8
7
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls, http2

firefox.exe

1.4kB
3.9kB
14
12
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221720882632032%22

tls, http2

firefox.exe

2.3kB
34.9kB
28
36

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221720882632032%22
49.12.202.237:443

https://7-zip.org/a/7z2407-x64.exe

tls, http

firefox.exe

1.7kB
4.3kB
11
13

HTTP Request

GET https://7-zip.org/a/7z2407-x64.exe

HTTP Response

302
49.12.202.237:443

7-zip.org

tls

firefox.exe

1.0kB
3.4kB
8
6
49.12.202.237:443

7-zip.org

tls

firefox.exe

1.0kB
3.4kB
8
6
20.26.156.215:443

https://github.com/ip7z/7zip/releases/download/24.07/7z2407-x64.exe

tls, http2

firefox.exe

2.0kB
8.3kB
15
15

HTTP Request

GET https://github.com/ip7z/7zip/releases/download/24.07/7z2407-x64.exe

HTTP Response

302
185.199.109.133:443

https://objects.githubusercontent.com/github-production-release-asset-2e65be/466446150/031b16d5-30d3-42fe-a8aa-4e9b7d7c7f20?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240713T160920Z&X-Amz-Expires=300&X-Amz-Signature=56006e4dd5f52b9d069beae9de9978bbbb00ccffd0e7b5b6585847b6081dd384&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=466446150&response-content-disposition=attachment%3B%20filename%3D7z2407-x64.exe&response-content-type=application%2Foctet-stream

tls, http2

firefox.exe

24.9kB
1.7MB
459
1219

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/466446150/031b16d5-30d3-42fe-a8aa-4e9b7d7c7f20?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240713T160920Z&X-Amz-Expires=300&X-Amz-Signature=56006e4dd5f52b9d069beae9de9978bbbb00ccffd0e7b5b6585847b6081dd384&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=466446150&response-content-disposition=attachment%3B%20filename%3D7z2407-x64.exe&response-content-type=application%2Foctet-stream

HTTP Response

200
127.0.0.1:50551

firefox.exe
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls, http2

firefox.exe

1.2kB
3.9kB
13
12
34.117.188.166:443

contile.services.mozilla.com

tls, http2

firefox.exe

1.6kB
4.5kB
13
12
34.149.100.209:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.5kB
4.2kB
12
11
34.107.243.93:443

push.services.mozilla.com

tls, http2

firefox.exe

1.5kB
4.2kB
12
11
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

2.6kB
4.6kB
12
13

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.149.100.209:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.0kB
3.9kB
11
10
127.0.0.1:50570

firefox.exe
127.0.0.1:50965

firefox.exe
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls, http2

firefox.exe

1.3kB
4.0kB
15
14
34.117.188.166:443

contile.services.mozilla.com

tls, http2

firefox.exe

1.7kB
4.3kB
14
14
34.149.100.209:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.7kB
4.3kB
14
12
34.107.243.93:443

push.services.mozilla.com

tls, http2

firefox.exe

1.6kB
4.2kB
14
12
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

2.6kB
1.7kB
11
12

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.149.100.209:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.1kB
3.9kB
12
10
127.0.0.1:50974

firefox.exe
49.12.202.237:443

7-zip.org

tls

firefox.exe

1.1kB
3.8kB
9
12
49.12.202.237:443

7-zip.org

tls

firefox.exe

1.1kB
3.7kB
9
10
49.12.202.237:443

7-zip.org

tls

firefox.exe

1.1kB
3.8kB
9
12
142.250.180.4:443

https://www.google.com/search?client=firefox-b-d&q=codedpad

tls, http2

firefox.exe

2.2kB
6.8kB
15
18

HTTP Request

GET https://www.google.com/search?client=firefox-b-d&q=codedpad
172.67.129.236:80

codedpad.com

firefox.exe

190 B
132 B
4
3
172.67.129.236:80

http://codedpad.com/

http

firefox.exe

806 B
1.2kB
10
8

HTTP Request

GET http://codedpad.com/

HTTP Response

301
172.67.129.236:443

https://codedpad.com/

tls, http2

firefox.exe

1.9kB
5.0kB
13
13

HTTP Request

GET https://codedpad.com/

HTTP Response

301
104.21.1.208:443

www.codedpad.com

tls, http2

firefox.exe

1.4kB
4.1kB
10
8
142.250.180.10:443

https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

tls, http2

firefox.exe

2.2kB
41.4kB
21
38

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
216.239.32.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-7B6TPGBSVJ&gtm=45je4790v9116089525z89116081765za200zb9116081765&_p=1720887076498&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=945553925.1720887077&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_s=1&sid=1720887077&sct=1&seg=0&dl=https%3A%2F%2Fwww.codedpad.com%2F&dt=Encrypted%20online%20notepad%20for%20secret%20and%20secure%20notes.%20Encrypt%20and%20keep%20private%20notes%20with%20password.%20%7C%20Coded%20Pad%E2%84%A2&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1577&_z=fetch

tls, http2

firefox.exe

2.4kB
6.3kB
15
16

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-7B6TPGBSVJ&gtm=45je4790v9116089525z89116081765za200zb9116081765&_p=1720887076498&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=945553925.1720887077&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_s=1&sid=1720887077&sct=1&seg=0&dl=https%3A%2F%2Fwww.codedpad.com%2F&dt=Encrypted%20online%20notepad%20for%20secret%20and%20secure%20notes.%20Encrypt%20and%20keep%20private%20notes%20with%20password.%20%7C%20Coded%20Pad%E2%84%A2&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1577&_z=fetch
172.217.169.78:443

https://fundingchoicesmessages.google.com/i/ca-pub-6818625889483991?href=https%3A%2F%2Fwww.codedpad.com&ers=2

tls, http2

firefox.exe

3.2kB
80.3kB
40
67

HTTP Request

GET https://fundingchoicesmessages.google.com/i/ca-pub-6818625889483991?href=https%3A%2F%2Fwww.codedpad.com&ers=2
142.250.180.2:443

googleads.g.doubleclick.net

tls, http2

firefox.exe

1.4kB
5.4kB
10
9
142.250.180.2:443

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&gdpr_consent=CQBsaMAQBsaMAEsACBENA9EoAP_gAEPgACiQINJB7C7FbSFCwH5zaLsAMAhHRsAAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQIECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgCAAAAAAAAAAAAAAAAAAQOhSD2F2K2kKFkPCmwXYAYBCujYAAhQgAAAkCBMACgAUgQAgFJIAgCIFAAAAAAAAAQEiCQAAQABAAAIACgAAAAAAIAAAAAAAQQAABAAIAAAAAAAAEAAAAIAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~70.89.93.108.122.149.196.236.259.311.313.323.358.415.449.486.494.495.540.574.609.827.864.981.1029.1048.1051.1095.1097.1126.1205.1276.1301.1365.1415.1423.1449.1514.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958.2072.2253.2299.2357.2373.2415.2506.2526.2568.2571.2575.2624.2677~dv.&client=ca-pub-6818625889483991&output=html&h=280&slotname=1836264669&adk=1623672502&adf=4029756731&pi=t.ma~as.1836264669&w=900&abgtt=3&fwrn=4&fwrnh=100&lmt=1720887079&rafmt=1&format=900x280&url=https%3A%2F%2Fwww.codedpad.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1720887077007&bpp=2&bdt=516&idt=262&shv=r20240709&mjsv=m202407090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=644004134330&frm=20&pv=2&ga_vid=945553925.1720887077&ga_sid=1720887079&ga_hid=2008867700&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=510&biw=1263&bih=595&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31085139%2C31085211%2C44795921%2C95334511%2C95334527%2C95334579%2C95334828%2C95337026%2C95337065%2C31084678%2C95337094&oid=2&pvsid=2835158087758255&tmod=573852419&uas=3&nvt=1&fc=896&brdim=-8%2C-8%2C-8%2C-8%2C1280%2C0%2C1296%2C696%2C1280%2C595&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&bz=1.01&ifi=1&uci=a!1&fsb=1&dtd=2241

tls, http2

firefox.exe

5.6kB
54.4kB
28
58

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&gdpr_consent=CQBsaMAQBsaMAEsACBENA9EoAP_gAEPgACiQINJB7C7FbSFCwH5zaLsAMAhHRsAAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQIECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgCAAAAAAAAAAAAAAAAAAQOhSD2F2K2kKFkPCmwXYAYBCujYAAhQgAAAkCBMACgAUgQAgFJIAgCIFAAAAAAAAAQEiCQAAQABAAAIACgAAAAAAIAAAAAAAQQAABAAIAAAAAAAAEAAAAIAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~70.89.93.108.122.149.196.236.259.311.313.323.358.415.449.486.494.495.540.574.609.827.864.981.1029.1048.1051.1095.1097.1126.1205.1276.1301.1365.1415.1423.1449.1514.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958.2072.2253.2299.2357.2373.2415.2506.2526.2568.2571.2575.2624.2677~dv.&client=ca-pub-6818625889483991&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1720887079&plaf=2%3A2&plat=1%3A1024%2C2%3A1024%2C3%3A2097152%2C4%3A2097152%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwww.codedpad.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&ailel=28~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=28~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=28_16~27_8~29_10~30_19&aiixl=28_4~27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&dt=1720887077007&bpp=4&bdt=516&idt=284&shv=r20240709&mjsv=m202407090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=900x280&nras=1&correlator=644004134330&frm=20&pv=1&ga_vid=945553925.1720887077&ga_sid=1720887079&ga_hid=2008867700&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=595&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31085139%2C31085211%2C44795921%2C95334511%2C95334527%2C95334579%2C95334828%2C95337026%2C95337065%2C31084678%2C95337094&oid=2&pvsid=2835158087758255&tmod=573852419&uas=3&nvt=1&fsapi=1&fc=896&brdim=-8%2C-8%2C-8%2C-8%2C1280%2C0%2C1296%2C696%2C1280%2C595&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.01&ifi=2&uci=a!2&fsb=1&dtd=2254

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&gdpr_consent=CQBsaMAQBsaMAEsACBENA9EoAP_gAEPgACiQINJB7C7FbSFCwH5zaLsAMAhHRsAAQoQAAASBAmABQAKQIAQCgkAQFASgBAACAAAAICZBIQIECAAACUAAQAAAAAAEAAAAAAAIIAAAgAEAAAAIAAACAAAAEAAIAAAAEAAAmAgAAIIACAAAhAAAAAAAAAAAAAAAAgCAAAAAAAAAAAAAAAAAAQOhSD2F2K2kKFkPCmwXYAYBCujYAAhQgAAAkCBMACgAUgQAgFJIAgCIFAAAAAAAAAQEiCQAAQABAAAIACgAAAAAAIAAAAAAAQQAABAAIAAAAAAAAEAAAAIAAQAAAAIAABEhCAAQQAEAAAAAAAQAAAAAAAAAAABAAA&addtl_consent=2~70.89.93.108.122.149.196.236.259.311.313.323.358.415.449.486.494.495.540.574.609.827.864.981.1029.1048.1051.1095.1097.1126.1205.1276.1301.1365.1415.1423.1449.1514.1570.1577.1598.1651.1716.1735.1753.1765.1870.1878.1889.1958.2072.2253.2299.2357.2373.2415.2506.2526.2568.2571.2575.2624.2677~dv.&client=ca-pub-6818625889483991&output=html&h=280&slotname=1836264669&adk=1623672502&adf=4029756731&pi=t.ma~as.1836264669&w=900&abgtt=3&fwrn=4&fwrnh=100&lmt=1720887079&rafmt=1&format=900x280&url=https%3A%2F%2Fwww.codedpad.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1720887077007&bpp=2&bdt=516&idt=262&shv=r20240709&mjsv=m202407090101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=644004134330&frm=20&pv=2&ga_vid=945553925.1720887077&ga_sid=1720887079&ga_hid=2008867700&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=510&biw=1263&bih=595&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31085139%2C31085211%2C44795921%2C95334511%2C95334527%2C95334579%2C95334828%2C95337026%2C95337065%2C31084678%2C95337094&oid=2&pvsid=2835158087758255&tmod=573852419&uas=3&nvt=1&fc=896&brdim=-8%2C-8%2C-8%2C-8%2C1280%2C0%2C1296%2C696%2C1280%2C595&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&bz=1.01&ifi=1&uci=a!1&fsb=1&dtd=2241
142.250.180.2:443

googleads.g.doubleclick.net

tls, http2

firefox.exe

1.4kB
5.4kB
11
9
142.250.178.1:443

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

tls, http2

firefox.exe

2.4kB
18.6kB
21
28

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.180.4:443

https://www.google.com/recaptcha/api2/aframe

tls, http2

firefox.exe

2.0kB
7.0kB
15
17

HTTP Request

GET https://www.google.com/recaptcha/api2/aframe
142.250.178.1:443

tpc.googlesyndication.com

tls, http2

firefox.exe

1.5kB
5.3kB
12
14
162.159.130.233:443

https://cdn.discordapp.com/attachments/1261685759107403860/1261691864415998087/Roblox_Gen_V1.2.7z?ex=6693e19d&is=6692901d&hm=b30d39266087d766fdfdb497233be20b62fc9bdbca4d76eaef075b3841ecc611&

tls, http2

firefox.exe

2.1kB
25.4kB
16
29

HTTP Request

GET https://cdn.discordapp.com/attachments/1261685759107403860/1261691864415998087/Roblox_Gen_V1.2.7z?ex=6693e19d&is=6692901d&hm=b30d39266087d766fdfdb497233be20b62fc9bdbca4d76eaef075b3841ecc611&

HTTP Response

200
162.159.130.233:443

cdn.discordapp.com

tls, http2

firefox.exe

1.3kB
3.8kB
8
7
127.0.0.1:6606

regergerg.exe
127.0.0.1:6606

regergerg.exe

8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

spocs.getpocket.com

dns

firefox.exe

65 B
131 B
1
1

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
34.117.188.166:443

contile.services.mozilla.com

https

firefox.exe

2.3kB
8.9kB
7
11
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Response

34.117.188.166
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
157 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

44.238.192.228

52.33.222.107

44.242.121.21
8.8.8.8:53

firefox-api-proxy.cdn.mozilla.net

dns

firefox.exe

79 B
160 B
1
1

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Response

34.149.97.1
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
161 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
34.149.97.1:443

firefox-api-proxy.cdn.mozilla.net

https

firefox.exe

2.3kB
14.1kB
10
15
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

100 B
116 B
1
1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.149.97.1
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
116 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

52.33.222.107

44.242.121.21

44.238.192.228
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

100 B
128 B
1
1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:74e4::
8.8.8.8:53

228.192.238.44.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

228.192.238.44.in-addr.arpa
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.180.4
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.180.4
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
88 B
1
1

DNS Request

www.google.com

DNS Response

2a00:1450:4009:81e::2004
8.8.8.8:53

4.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.180.250.142.in-addr.arpa
142.250.180.4:443

www.google.com

https

firefox.exe

76.3kB
252.0kB
163
301
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

227.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.187.250.142.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

192.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

192.142.123.92.in-addr.arpa
8.8.8.8:53

aus5.mozilla.org

dns

firefox.exe

62 B
180 B
1
1

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201
8.8.8.8:53

location.services.mozilla.com

dns

firefox.exe

75 B
153 B
1
1

DNS Request

location.services.mozilla.com

DNS Response

35.190.72.216
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Response

35.190.72.216
35.190.72.216:443

prod.classify-client.prod.webservices.mozgcp.net

https

firefox.exe

2.1kB
4.6kB
8
9
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.classify-client.prod.webservices.mozgcp.net
8.8.8.8:53

ciscobinary.openh264.org

dns

firefox.exe

140 B
572 B
2
2

DNS Request

ciscobinary.openh264.org

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.209

88.221.134.155

DNS Response

88.221.134.209

88.221.134.155
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

172.217.169.46
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.155

88.221.134.209
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

172.217.169.46
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
123 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:869b

2a02:26f0:a1::58dd:86d1
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

130 B
186 B
2
2

DNS Request

redirector.gvt1.com

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4009:818::200e

DNS Response

2a00:1450:4009:818::200e
172.217.169.46:443

redirector.gvt1.com

https

firefox.exe

1.9kB
9.3kB
7
11
8.8.8.8:53

r1---sn-aigzrnsr.gvt1.com

dns

firefox.exe

71 B
116 B
1
1

DNS Request

r1---sn-aigzrnsr.gvt1.com

DNS Response

74.125.175.38
8.8.8.8:53

r1.sn-aigzrnsr.gvt1.com

dns

firefox.exe

69 B
85 B
1
1

DNS Request

r1.sn-aigzrnsr.gvt1.com

DNS Response

74.125.175.38
8.8.8.8:53

r1.sn-aigzrnsr.gvt1.com

dns

firefox.exe

69 B
97 B
1
1

DNS Request

r1.sn-aigzrnsr.gvt1.com

DNS Response

2a00:1450:4009:17::6
74.125.175.38:443

r1.sn-aigzrnsr.gvt1.com

https

firefox.exe

1.7kB
5.9kB
5
7
8.8.8.8:53

216.72.190.35.in-addr.arpa

dns

144 B
248 B
2
2

DNS Request

216.72.190.35.in-addr.arpa

DNS Request

216.72.190.35.in-addr.arpa
8.8.8.8:53

209.134.221.88.in-addr.arpa

dns

146 B
278 B
2
2

DNS Request

209.134.221.88.in-addr.arpa

DNS Request

209.134.221.88.in-addr.arpa
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

146 B
252 B
2
2

DNS Request

201.181.244.35.in-addr.arpa

DNS Request

201.181.244.35.in-addr.arpa
8.8.8.8:53

38.175.125.74.in-addr.arpa

dns

144 B
220 B
2
2

DNS Request

38.175.125.74.in-addr.arpa

DNS Request

38.175.125.74.in-addr.arpa
8.8.8.8:53

46.169.217.172.in-addr.arpa

dns

146 B
224 B
2
2

DNS Request

46.169.217.172.in-addr.arpa

DNS Request

46.169.217.172.in-addr.arpa
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

7-zip.org

dns

firefox.exe

55 B
71 B
1
1

DNS Request

7-zip.org

DNS Response

49.12.202.237
8.8.8.8:53

7-zip.org

dns

firefox.exe

55 B
71 B
1
1

DNS Request

7-zip.org

DNS Response

49.12.202.237
8.8.8.8:53

7-zip.org

dns

firefox.exe

55 B
115 B
1
1

DNS Request

7-zip.org
8.8.8.8:53

237.202.12.49.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

237.202.12.49.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

aus5.mozilla.org

dns

firefox.exe

62 B
180 B
1
1

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

164 B
196 B
2
2

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

164 B
350 B
2
2

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

github.com

dns

firefox.exe

112 B
144 B
2
2

DNS Request

github.com

DNS Request

github.com

DNS Response

20.26.156.215

DNS Response

20.26.156.215
8.8.8.8:53

github.com

dns

firefox.exe

112 B
144 B
2
2

DNS Request

github.com

DNS Request

github.com

DNS Response

20.26.156.215

DNS Response

20.26.156.215
8.8.8.8:53

github.com

dns

firefox.exe

56 B
121 B
1
1

DNS Request

github.com
8.8.8.8:53

objects.githubusercontent.com

dns

firefox.exe

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.109.133

185.199.108.133

185.199.111.133

185.199.110.133
8.8.8.8:53

objects.githubusercontent.com

dns

firefox.exe

150 B
278 B
2
2

DNS Request

objects.githubusercontent.com

DNS Request

objects.githubusercontent.com

DNS Response

185.199.111.133

185.199.108.133

185.199.110.133

185.199.109.133

DNS Response

185.199.109.133

185.199.111.133

185.199.110.133

185.199.108.133
8.8.8.8:53

objects.githubusercontent.com

dns

firefox.exe

75 B
140 B
1
1

DNS Request

objects.githubusercontent.com
8.8.8.8:53

133.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.109.199.185.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

148 B
310 B
2
2

DNS Request

contile.services.mozilla.com

DNS Request

contile.services.mozilla.com
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

142 B
250 B
2
2

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
161 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

188 B
374 B
2
2

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

7-zip.org

dns

firefox.exe

55 B
115 B
1
1

DNS Request

7-zip.org
142.250.180.4:443

www.google.com

https

firefox.exe

8.7kB
87.3kB
33
89
8.8.8.8:53

support.mozilla.org

dns

firefox.exe

65 B
155 B
1
1

DNS Request

support.mozilla.org

DNS Response

34.149.128.2
8.8.8.8:53

us-west1.prod.sumo.prod.webservices.mozgcp.net

dns

firefox.exe

92 B
108 B
1
1

DNS Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

DNS Response

34.149.128.2
8.8.8.8:53

us-west1.prod.sumo.prod.webservices.mozgcp.net

dns

firefox.exe

92 B
185 B
1
1

DNS Request

us-west1.prod.sumo.prod.webservices.mozgcp.net
8.8.8.8:53

codedpad.com

dns

firefox.exe

58 B
90 B
1
1

DNS Request

codedpad.com

DNS Response

172.67.129.236

104.21.1.208
8.8.8.8:53

codedpad.com

dns

firefox.exe

58 B
90 B
1
1

DNS Request

codedpad.com

DNS Response

104.21.1.208

172.67.129.236
8.8.8.8:53

codedpad.com

dns

firefox.exe

58 B
114 B
1
1

DNS Request

codedpad.com

DNS Response

2606:4700:3032::ac43:81ec

2606:4700:3037::6815:1d0
172.67.129.236:443

codedpad.com

https

firefox.exe

10.1kB
124.9kB
43
129
8.8.8.8:53

www.codedpad.com

dns

firefox.exe

62 B
94 B
1
1

DNS Request

www.codedpad.com

DNS Response

104.21.1.208

172.67.129.236
8.8.8.8:53

www.codedpad.com

dns

firefox.exe

124 B
188 B
2
2

DNS Request

www.codedpad.com

DNS Request

www.codedpad.com

DNS Response

172.67.129.236

104.21.1.208

DNS Response

172.67.129.236

104.21.1.208
8.8.8.8:53

www.codedpad.com

dns

firefox.exe

62 B
118 B
1
1

DNS Request

www.codedpad.com

DNS Response

2606:4700:3037::6815:1d0

2606:4700:3032::ac43:81ec
8.8.8.8:53

236.129.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

236.129.67.172.in-addr.arpa
8.8.8.8:53

208.1.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

208.1.21.104.in-addr.arpa
104.21.1.208:443

www.codedpad.com

https

firefox.exe

2.5kB
11.2kB
11
25
8.8.8.8:53

ajax.googleapis.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.180.10
8.8.8.8:53

ajax.googleapis.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

216.58.201.106
8.8.8.8:53

ajax.googleapis.com

dns

firefox.exe

65 B
93 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

2a00:1450:4009:820::200a
142.250.180.10:443

ajax.googleapis.com

https

firefox.exe

2.0kB
7.1kB
8
8
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.32.36

216.239.34.36
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.32.36

216.239.34.36
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

148 B
260 B
2
2

DNS Request

region1.google-analytics.com

DNS Request

region1.google-analytics.com

DNS Response

2001:4860:4802:32::36

2001:4860:4802:34::36

DNS Response

2001:4860:4802:34::36

2001:4860:4802:32::36
8.8.8.8:53

10.180.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.180.250.142.in-addr.arpa
8.8.8.8:53

72.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

72.169.217.172.in-addr.arpa
8.8.8.8:53

226.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.187.250.142.in-addr.arpa
8.8.8.8:53

36.32.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.32.239.216.in-addr.arpa
216.239.32.36:443

region1.google-analytics.com

https

firefox.exe

3.5kB
7.9kB
12
14
8.8.8.8:53

fundingchoicesmessages.google.com

dns

firefox.exe

158 B
232 B
2
2

DNS Request

fundingchoicesmessages.google.com

DNS Request

fundingchoicesmessages.google.com

DNS Response

172.217.169.78

DNS Response

172.217.169.78
8.8.8.8:53

www3.l.google.com

dns

firefox.exe

63 B
79 B
1
1

DNS Request

www3.l.google.com

DNS Response

172.217.169.78
8.8.8.8:53

www3.l.google.com

dns

firefox.exe

63 B
91 B
1
1

DNS Request

www3.l.google.com

DNS Response

2a00:1450:4009:819::200e
172.217.169.78:443

www3.l.google.com

https

firefox.exe

13.9kB
89.2kB
55
102
8.8.8.8:53

78.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

78.169.217.172.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

firefox.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.180.2
8.8.8.8:53

googleads.g.doubleclick.net

dns

firefox.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.180.2
8.8.8.8:53

googleads.g.doubleclick.net

dns

firefox.exe

73 B
101 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

2a00:1450:4009:817::2002
8.8.8.8:53

tpc.googlesyndication.com

dns

firefox.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

142.250.178.1
142.250.180.2:443

googleads.g.doubleclick.net

https

firefox.exe

13.8kB
88.9kB
37
87
8.8.8.8:53

tpc.googlesyndication.com

dns

firefox.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

142.250.178.1
8.8.8.8:53

tpc.googlesyndication.com

dns

firefox.exe

71 B
99 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

2a00:1450:4009:815::2001
142.250.178.1:443

tpc.googlesyndication.com

https

firefox.exe

5.2kB
62.2kB
25
61
142.250.180.4:443

www.google.com

https

firefox.exe

1.6kB
2.2kB
3
4
8.8.8.8:53

2.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

2.180.250.142.in-addr.arpa
8.8.8.8:53

1.178.250.142.in-addr.arpa

dns

144 B
220 B
2
2

DNS Request

1.178.250.142.in-addr.arpa

DNS Request

1.178.250.142.in-addr.arpa
8.8.8.8:53

cdn.discordapp.com

dns

firefox.exe

64 B
144 B
1
1

DNS Request

cdn.discordapp.com

DNS Response

162.159.130.233

162.159.134.233

162.159.133.233

162.159.129.233

162.159.135.233
8.8.8.8:53

cdn.discordapp.com

dns

firefox.exe

64 B
144 B
1
1

DNS Request

cdn.discordapp.com

DNS Response

162.159.135.233

162.159.130.233

162.159.129.233

162.159.134.233

162.159.133.233
8.8.8.8:53

cdn.discordapp.com

dns

firefox.exe

64 B
123 B
1
1

DNS Request

cdn.discordapp.com
162.159.130.233:443

cdn.discordapp.com

https

firefox.exe

1.8kB
6.4kB
6
10
8.8.8.8:53

233.130.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

233.130.159.162.in-addr.arpa
8.8.8.8:53

215.143.182.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

215.143.182.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
8af282b10fd825dc83d827c1d8d23b53

SHA1
17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355

SHA256
1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca

SHA512
cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
960KB

MD5
79e8ca28aef2f3b1f1484430702b24e1

SHA1
76087153a547ce3f03f5b9de217c9b4b11d12f22

SHA256
5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

SHA512
b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
b5786ebbcb277f36aa5540a23eee5d44

SHA1
92e0d4f9f60a9a4fbc9cf37fa9e7646b9d6d7d40

SHA256
2386b1ca97f4193b75668d6abb41cb09c844866d9fc9933110531ceef6fc2b76

SHA512
0dedbeb5ef30a891dcee655704349968dd22cf01961a404b78d776e6a084bc3479d46b7d055896201e22218f6e6685c638a748d5b01ce652f91bf49377dfd3cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
a55e770d0ef25db3d356b42a81156c93

SHA1
31842a57bdddeae7d559d4ac27b59b70d2c39404

SHA256
2907a897d1602957ec848b99b17c64ae3b808dc30e20723e57355e00fe2ea7e6

SHA512
69ee9f6b209e5f161ff78c1442c8120d6dbb6ed1b5e484b2ce3a11316ddf3184aece6e5a110cf23225ce863874b404161fefa285f75101cddb5504f13354a32c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
2ac64855d68c9f7af7ceca8e9e810451

SHA1
e645b0ab96f52ebc1f68634da3b4c1960c29488b

SHA256
a1f31060009f10088dcfcdc0c950a665a1307d5672f8d9e7438525fbd6c8de8f

SHA512
95173949804e40f494b5be6af857c102e8975b2034e0edb34424410f3be8b6dec6530860d8b8767e4351068a296efdf9858ac5f140b65da850f3dcae16310e7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\355FBF8318C3C415900BB9569C4749428BB5E9F4

Filesize
37KB

MD5
1aedee948133af7f49ed4df66d1e2102

SHA1
83700efd018cd9c94e6da97fa45c8d5b01afcda4

SHA256
55fbed6d29423a6a6b391b6ee984ab9be7d1d180e8417f0b3bc07ccdf0348863

SHA512
aeddfa4b79e6c650c3c2074cdbd947f102d00a85bb89e2654261eca2ae14c329fb350bc7e07ff5cb44741c209516c4ca982f0df9c3a13459339ab344126efa67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

Filesize
220KB

MD5
4a4c53819e49608f4669e1049d445c0b

SHA1
ed696eafa667bfd4509690159aff24824da7d2d6

SHA256
baa83f604c3abe13f7906536d573144dbf02ff29cf84029c4d9a0db441f1d90f

SHA512
46252b5f46fd08dddb0ec4b5f45c4b66b0c0aa39858b6a31795d97034ba590ae7f6466fa5709029927ae494ba13142fa49bd5c3ca71c119ad9f05140ae921588

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
33bba46fcf80bd0389927d727dc9becc

SHA1
e822018039abbf8f702e6630ad59381c4de6d6d4

SHA256
b16714e87f2ad1b9480a0f8782df096ca9e8421365a7bd20cad129b40ef82899

SHA512
a3457cbe99bec57bad04cfdd6a0174f527238edc2bed91fe566dbe56c9b134cf5516547d1c383c7d51d1cda1de8ac0aa35a188894d329c2a44eb9503e2adc66c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
9dec9997a7d6ccc4de03a0df16b9a7cc

SHA1
db412020603cf84b6ab027aa4a19c569a66421ba

SHA256
fef829a39bf8f93e4f4280493f9ee061cb9c0cc6c2110cc6dc9edca709343cdd

SHA512
f8579040b24949fa2f0d05d5a50084e0720acf0739c7b394dd4d25ae275b4f34301465c92ba409f274ee630cde76cb4678b676209f384fb4f293f4c992dd7ef0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\73DBD83ACAFBE07A338D6E38916BEBFA0EEFD8F5

Filesize
60KB

MD5
193e74d976efe2920b3fd30ed74058fe

SHA1
afeab0ed8cd5b7b75597754042c42e96c050f457

SHA256
f3fdcb730ca4436cae52bc8739464812bb6786094db16da60ded5e29a31f7975

SHA512
c868af9607fed56794ef5703ab71938d4805ef790d189cc6aff7fded2f02f0ec31826cd4590c24850550830320258ab94b7ccc4fa4f10b3ca31c07a43e79e48d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
c7d5977b3ee0694aab12433de44e0412

SHA1
ff1af69c211670a6794e03b204dba5f24b3208a1

SHA256
f4f86d618ed5ca064476fb55d95584d62797c30423c52790ccc31287d48643c9

SHA512
ca56ba45924b5a39a2327f6d0b6b6d2c87d885f25cbaafe72f64469f703369e2214bf6ffab0720aff0b2fc378cc2698ab2c6762593cf0965b23858dc389fd6f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
133KB

MD5
a4d3940fda8ea7e866b904bdc99fef1f

SHA1
d1e55ba3480bf5054765e96ed52a8e0a066f6ba7

SHA256
fc5b2161488b34e8ac50a1b9259c27d68171f722b7740fafcb79ed78edc9299b

SHA512
9f6306053daa07a91f677a9c4a3424aeff4752e557bc2a5d10b88786c04636357381f876bc519adbe477378cc478e175f636c763a6d1fb2157649e030a88f3dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
66KB

MD5
c66a069ab5697fc0d4e0f501f0a3d32f

SHA1
febb101a89ea5aeff4b163b552ab782ebbe89b65

SHA256
15e84f01283f2f683b17b0f35217d67b28da623d1f5f843d12f9cd131b7352f8

SHA512
d0331af6e648cb0530854f01c83b027b602fc55d1fe71764a24b2034d032a106c17c9dca52f514e5bf0cb859b0c6df8ab2a80681f4fb65fbeb5a5e114cbd3d37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\E9141CB66117E62DBF4B5BE4614A52B7FF453F14

Filesize
138KB

MD5
2e0eb9b6a98c232e0b14f35deab5ff0e

SHA1
51035160ac2c8e449d919c60f201933694221a28

SHA256
5230c518dfca76a751d7473ca15802f4710c15be0bda5eea4afe9a6038ebd456

SHA512
692b9a4ce606a814016785124d4eee44fe901e57a78feefc38981f9e9a1dc067f6ad4ad4b83f6ec4cfdee843e54ce9865156ae43fbb08eea9cab1bcb1ea43313

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\startupCache\scriptCache-child.bin

Filesize
705KB

MD5
e82f84771b1a201913d4f0eded98b8e3

SHA1
aad0ec2dc07a5a12f2731e7979e886178606517e

SHA256
50c82d22abf0759b509cefec20ce622820362d5791151b3aeb2b774d5038ce41

SHA512
f81b801de0e3d357adb25e340452971440f3bdfe9e3b095c609bcfa4ba526b03792463eee40b659211e258ff4522cf61ba205ed0d2061284f39e502a3760e8e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\startupCache\scriptCache-child.bin

Filesize
479KB

MD5
0855c7d08fec744aecdba12f3d841475

SHA1
ccbb699f95e0facee98ba71f59b8a654111df21a

SHA256
2a7474f3e141c135ae792c015f8a9fbd8313ab53ac8c69f3bac65ab8f945adf5

SHA512
c6ac5080a555adfcab4f09b0a011095d190ffe27af60c22520b075a8cc8d20ba26df76927aae1ad1e2159f4cdcdf05df4514aa8dfc49223970084141a3f81091

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
3ee03505b2534c4dab4796dae1b99f2d

SHA1
09728011bec4ebbeac78095094c018d5b302174c

SHA256
ec3b120cc4a972357dbf672107982e4de41cb6bbabc961efddfd0e9615b3b03c

SHA512
7ee814c77ca0bcb9f176e9c88ec79d4f8e52fe1a7dbe03cf0444a2051216fa4c119a29393d265ba6283cca35f7f5eaca80ddf82a278ed729d2249848ae0dbb14

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
94b0b4eb58f94b1ebcdb7e0a87a0b953

SHA1
f38c0f2f55ff26e5bf22e9d83d19d53075201f45

SHA256
8339fe9b17fd2877ad14e9c2789a8c5a7c4854fd982cae24cc0f05ed956e45b5

SHA512
d904e0094e000d032cfa417b5cdd1acf6ab9e8864f569903ccc2b3594c1263899d8d94d0fa85312e2bf02ec92f32bf9eaf3593f273c7931e299ed8174d88772b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
03b06925d9363bbc0ef560109ed7d4ad

SHA1
1d255c91b23912c851262d83c8ea0b5d6d0646d0

SHA256
03fcbd91ef6d0f064f5ab593940184b5ef9fb0557bf880932b1d53aa28f9e868

SHA512
f02aa6a1d6b0f4ad3d0b2553fd4113f6bf498d51b1cd77ffb8fcb89fed7d7b526effab907886bf75d74c35541a5ecb1ad1a6ad64ee38ab8556988e7e1c5f18d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
58430d87c607592f44fc02e1aa634576

SHA1
ab81a9cce11576bd0052a24fcbb4d738f79587b7

SHA256
2388b78af93bf80470e2d1a03fbc31d8cfe7eac77157942b375a1a1b32158eb9

SHA512
b866961aec3685160b483c64a12e7d2042d8561c40d2edb154fb49eba7f1cb8acfd2fea011db001ef93a959c9b4fe8adb417ce9d175dfd71a9b6804d72894ecc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
da45eb5fca3f26563a108a4d04d5e9c1

SHA1
d773e28eb3f34174a6736d6d695bdf54d0d405d2

SHA256
17d3608072cb332e9ac1ca18faf2b686d73c0bbbe7907d339028d44d8dd0bde5

SHA512
8ab0903ff1de50dd320597b4fa872227876a3926f7daa4de6a58df430ef813f558d5a7add56cb3d95290e02849fbfc5dcf9b88e975ca9288411ef6f572e9f562

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\thumbnails\683ca52163a6809f7ca5becbfda0f9f1.png

Filesize
15KB

MD5
03334cbae958046a83c8faf258652fb2

SHA1
d5c1f32ef101c2813290ede51cc225d2d437f2c7

SHA256
687c22903e4b136721202092b39bcba22abb61bc69f885cb2af97847f7511c95

SHA512
b6092d2bc59914241c5773201026498f65181ae9c0d326189715125a4d923fefa807b54ddd7a879fd256d1c4c967b69dd467a0c19f30d17c7d5ca5c3e4b47612

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
12KB

MD5
0254a874f0e83ed7ed75a0b912e5a712

SHA1
ff92561de69bebc6f89089ee2a3b396720a68ead

SHA256
9e912233837fe043914ffbbc8b59e0dc84cdfee81d901e6e1e4b137d17204434

SHA512
2f8f531ea2df02c751d42d320be9cb2b26d785de0e2598d8feb899b7487217c26a943dc187b3264d734bcc4bfc88e6e50c4c916ed3c24db5cae555a69240a641

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
12KB

MD5
35597d84947d3536bfeee6cfec65ca37

SHA1
f587e206b988536fc8b832cf1dc49573353fa662

SHA256
7035e955856dc403dad880e3eaa0dbedc47364ad4859161c0cb2b2090f7812ab

SHA512
4f206c318990b1f1ddd156047a53e0a138d05f569f8d6349fd4149bfd71d73d0a3cc464134cdcab3c1df6dc9e8048a73d7aba211cb641a0c0613ec2622773f1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
7KB

MD5
a544daa14c5e7d41a8c4692db7634f01

SHA1
cbb015f2590b5023ae2046284ced75ce6218f4e9

SHA256
d1978ca61589169de18a1ee99aecf62ba8dc29f9cee17467e9087b076874678f

SHA512
5a7070ae28f6e09fc8b90b5dc91d73bbcfcc4ca2dc73840a1764bf811b5537b67a058f4c9f70cfb96f8579fa44618e96f6c6eb4080fd0f6ad26afa3cd94054f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
12KB

MD5
e14e018801dc84e5d2c2c1dbfc738603

SHA1
f0fe55014d0354e4ff011180a4e0c658d1d6ff81

SHA256
6e6ad6bd18e00cba324a5e08dd2908192d5e72c5e8d3a87d2ce3226b61e77830

SHA512
dc02edf8ae58dc947c2bdcb65a77ae36d894ec8f07c4b54595088b98999ab5d171ab7124498a68f03d22a38b187b55259982c6397b80ee07eff2bcd5ae0fc490

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
007ba2022d6fe76af9663c9d76c7e44f

SHA1
654cea9fa6e898ae153f40846e5a771ac8eb91e9

SHA256
334b0e3bfd12d5febf769dd2ca1c35265e1f3fd95e111a766252c3f218da4470

SHA512
ac25635534a04bed1f7f3ab153d730e718be571abc07efbc720f4834c79f233d7757ef504e00b540854496e6421edba8f49b4b2cd5c7dd64ee7e5ffb5fd1d3a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
dce4b959029ba75ed0856fc166df452f

SHA1
3b9a367fa0c3640110c4137f8da6c60537bd1fda

SHA256
23c02eed7d17710f429bf74a077fd3745ebe554a54f3c09717e080c5ebf239a3

SHA512
fa50f706b50afd9f05d6056c8c6c69c02640955c6111979a295c98713dba3969f8f5f99237abaf0a13a383611b5d60e84cf2eba09ad13d7fdbb3b1ee29927130

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\addonStartup.json.lz4

Filesize
6KB

MD5
7c11af01ea5b447f31bcd4fe2ed3d004

SHA1
2ac15a0fa860dbc383f4e74a94c1f86bacb6b49b

SHA256
496cda7d365f1ed58006ce54c3b50950d54116174e86d2b50ef7c2cb1c70ae2f

SHA512
cddc9c7796612479e87e1a64927b816c5ca0581333569fd4c5e9fa285d3112041cdd7839397a19320b305981c46c2419bc99619c20f1a699817e50867adfec73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\broadcast-listeners.json

Filesize
209B

MD5
97c3738563a9448365a735f5f29ed3d5

SHA1
15a81433236ca6e6ecc4e1c8d0fdb8523b265c57

SHA256
63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24

SHA512
ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\cert9.db

Filesize
224KB

MD5
dbb328dba07c87edcc814b372d040ccb

SHA1
1de7c7c22d08f8facf0e1a0bc488d4de8b94802d

SHA256
66ab60694db80217dce968152091e58134de1891c9136af755fee7368c5cf057

SHA512
a2dcde74e7f224861346d0d5832621c00e656860cb54fa5d9400c826b1cbdf12c2c88423dd058dcc59f460fb4964f488ea2add0cf173859527c9a95b3de171ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\content-prefs.sqlite

Filesize
256KB

MD5
d5f26a416afa22901b6cc4dc07553e8b

SHA1
3c926a12f40b1d721aef19379ce7707abf7adbbc

SHA256
b6b90ef7265e82be4fc2a106fb7f91008014153f04913be4dc2339d1db988346

SHA512
80a5ff2bd6ca39cca527ade8c5b8070815c9b785c41249d0fd054cd0d1b8108f925b2bd104dc37f1e920038416ab260a43e4737ccc8b7f4bc43ae3e9852fd4e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\cookies.sqlite

Filesize
512KB

MD5
3fe1ce91117f52d49b50755bcfc7a05b

SHA1
1df91dbf90f1b71fb58d725204566cf6a9afb5cd

SHA256
797b4b350e19a8ed3b0bfc4841bdf0dde7ed8f96b4700a9ce87f34769a05ac24

SHA512
f4f6cd9c191424de27ac6f944481078e5ee574c96033a2437e9f418f3939ced3c53cb6b1adb3b2e0b7cda9622c64d46803137c2ae208d16c3c1ddc4c171ff54a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.bin

Filesize
39KB

MD5
35444cf4d9df7888d7963d9da7c9e84c

SHA1
d4d63e761f45c183e374fe9e1ad4df3da084a432

SHA256
1a23302cf03d5adeb2a187bce7ba46a3346a48cce7ecffbf090d96cf462ed80d

SHA512
4cd0cd6f3e11bd00b1ac4d296ebdc0a0dfa7770039616644502e30bf2dfb0ac7d27a38cc4c2f7f1230231d0f262bc7f7501b259e59de4a196127ef98f1935266

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
eef8b4f9fda9fe9603d2d8efd56c8d8a

SHA1
9d94b5b80483811944afce26ada23f05ab2e4f07

SHA256
39c25f355b621f4eb8c47ecee8be2276b1be0970f7b1040b1470ce117b6bf5c5

SHA512
9407f255328c8f37ef84060da382dda3e21ae19fc56f2503a4bd16110c32c3662c97d13f84e796d2b2867d14a4a576cd0faa06c60cbc8b32e3ce22a2f08f9cd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
39KB

MD5
4019c117bfc0ae19aacd233130cfa83f

SHA1
cbed627e10aacab4cee4ba44a6ce5cd8b03f83ec

SHA256
746207ace451d7b9b7e60d2cc26009c6b59200605446e9fd94c28b740140e29e

SHA512
2754e6742684894134aa99f5a82554988c7aef38e805293f0a3257b674444abbbbb00362fa1c80dac0aa6f8933850ba080474b696e71b3b0720867083caa70d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
38KB

MD5
29bd6e89256e0e205c574df8597ed28c

SHA1
07d7b35e7ffd6f744d841269bbf8489e9a0d266d

SHA256
078941c26bd18435094d30f6e3ba513ab2058d6bac85dfc37ea926eba5df9ac0

SHA512
ffc300e853c2897dc7827d3f42bcbba83dc1b2cd36598cb0a36bb438372b6985583f55f23b2b2bf8547b1fc068b46f9246b751469e7faa92f3e6c9fca1814ccf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
38KB

MD5
01dc68b8756f4de617d4f12dfc6a3204

SHA1
23a1a54e942df08764d3084ef8c6a56dad639bc7

SHA256
43d2dbb987d859919e0afc52e310ba7302de99105f04921c5b7aadd000032915

SHA512
fd2cb548659dee51a3da78f9de885f3d1a983f4683b20a153dbd9760bb8bb709e01d9d70f1ecd563739c31832ee0f9ad4561f30ccb82034b7bcdda3a990a1d11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
787a4fe8341df5fbbecff54edb496d0c

SHA1
cd282b36b3500b8f4057847e535511e4da29ff77

SHA256
f3cf8de18f7b70599c17094a474517872ddee03bdf0e3a4c633206e89ed72ba9

SHA512
1f2b94d1341216f1f50466f173c354d3db32fa3a53edb3c7030a43f4037eafbec45da96f338c45793c7d44cbf3ffc9ea2e6e0c5cff1fa07650ff32f64a282406

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
3e157c56ccae9cbcffb77b85a945847c

SHA1
141f1b6d4cdec36175e6dd30f7f4971f7b3a09bc

SHA256
d1ab527653108e9e3070b6cd9995b3c6351d695a574b3f0af0d6a55975dccbce

SHA512
e7344e112f80385cfe377bcfe847403a69974b06b8e74c8367b268ffcc1939892c5828621ada8ea104c9c48fff5a6ecd4e59149eb32a483af6d60def7e6ef651

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
39KB

MD5
d913abeb75959117ea8ef47a5f6408e6

SHA1
3b62bfbb72228cfb6ec6f6ce967551ab2551355d

SHA256
d87f227aed3f5b547799e2fddaa0ef2afe4e9da61c0fe611ae9cda4d0f0d59a8

SHA512
b8a5e8438b1db4c14245dd233b01a1e5f54ba90019494d5af3d8a90048a855e8a0fa86014e0d4135ebe2ec74f8344714b3bc7f839a660566a84a2ed061a9d498

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
e9fd7e14efdd94ea58b5277c3da0ac13

SHA1
1e270ab4b1e0eee869f4a4ad88d9c4196627860e

SHA256
8e488e6132ccf6214c0e0f25d117457522153d9dbc9f8ad564099fb280c6074c

SHA512
e090005fbf3c1b70df2797fec39ea65457f0431656fff0cd8ec96ed982803568ed0a3e5a2e349767499216d12f968e2b5c6edc77e4d3b6974940336ab663f120

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
38f20860a47d62097f03f1da4e937e9c

SHA1
25f56e4316b3e36748dff122408790029b99b34b

SHA256
775f1e1bcdb3989c58a4c16798266db7876826082ea3761ba533dbeb99f74c33

SHA512
b62d0f3fa570799b98580e3941f127ccb86bdad679ebb0b1341544cb1152a07c2924884efa48abdaf8d02560c188cf51488f46272732b9ac2fcd31ab9da81312

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3e520ef7f7f0a342911d55acdaf95374

SHA1
3ac1b7d8de12734c619ca4d427cbcb715f7588d6

SHA256
12b7b1fff44d5fbc80defe6c6de283f4720035d7ac6daddca1eb7e8bb9a39ad6

SHA512
1a026c96e82d0e9282956c2f3211ebe4f0429d6cb74e38a563d8f2c1a471ff98dc16dc134d3e105c70727055d47a1a3dec581fe7fbadbdc23bdb71e4b51ffb12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\events\events

Filesize
2KB

MD5
687ba09dfa2cd8c9718b59f4f1c0dba3

SHA1
a3309f3d3c55fae094c23dc282f649b4de91c44e

SHA256
fbbc708af91d3007e02c595f822c24b51b555354b1ac2818f9ac15d7473ba533

SHA512
a8eac1f30aa375ef523e900e921e9862e71b21804c6227f898572f3ab3eeaf9e89d5426f24379423006a27dcf044fc82a39ccc74b7fd18faea3f3e580419985b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\events\pageload

Filesize
839B

MD5
61c5e0a0165f84746141b21d1184a814

SHA1
c0ab6f754f4eca7aa3e39766cd435c1c4917b21f

SHA256
b59a7b0fefe23625bc177db8bbda07887e714e4b319ee01bca30ea29f1e07967

SHA512
9e0226c81d6664e821c502c1563f6d296cdbcc34d926fe84aac3dc1fb9736564261a0af2ecfd9560ecb5a68622b29fc231436b47e1245062eb0002c0deef6cbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\06679ef3-650d-47e6-898e-3df18cdd0763

Filesize
26KB

MD5
be253e8ace889cfda78b37553412ebe6

SHA1
1de3323da5972b327a44b8441f41f34b5e3e61f9

SHA256
b8410d2fc4280857c65e0e41d616539833a524e451a0c48b5dc905843d792f09

SHA512
fb40aa636766a8f0fc448fb2f6a2e26f46d2a174d754829b214dfbb197f4db42264b18d9500926e4218892c3e0fa40bbbc1d4694712ee3cfaa0c69c06ea3c4b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\0e11b6f7-da12-4b16-b73c-f29facd23b1b

Filesize
3KB

MD5
5449cb3574cbb0e634856e1d4d61b71d

SHA1
efc8ff52e9460d08838b66196892c9aaeda747b1

SHA256
44d4ba549ff0892b94d4de43faa2058440b8363115d52189cd9d143dafd51974

SHA512
b0aa3e1a3411584ccca0267bfbaa2c420abf3e1d36057d1bf92ee93695b17899c4a24019975ea75cb6232452369f5f9a584c0cec8f078e2f162c0f0e23613e7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\1b933092-603d-4e08-bc96-6e28ecdc8f59

Filesize
797B

MD5
03c56e5dd8705b00859fde52f9a836fe

SHA1
ae0aac3c8abcb0a72cb1ca1d864791123a44c85b

SHA256
57cdbe99604dd46c69a422c71d5608eba459e5bc051737350a4f5f272e42cbf7

SHA512
b20182fce33ba897053d6629a9a9a30add731f02939e1f44a19a1bb829ffe9dc4c7012686b7ace3c6688e93409ef8bcb26a79827b5a7265a37bcc188addd0e10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\2bcd526c-abce-4103-a108-6680f7232dcd

Filesize
734B

MD5
5e7fe1f31629db0b715ca6bf3ca4085f

SHA1
775249e4663d96d48fa161a567f1abcdc82ea4b1

SHA256
c1cb986ecb2985d464426212a6e4168b17af58ee73b3e0550927b01049680364

SHA512
63ab54a52245a2273fb1c2615c318e175471b98f1db01bceea7d3120900d00aa475138e189dde3d16aee7b8960a7641a71fcdee8d2b32163db5b0be4778ae190

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\2c54b569-6e66-441b-84cc-2df00775f1e3

Filesize
8KB

MD5
f30dd6a58fda8ba8464dbb552dbe7835

SHA1
9c16a9b19c171f702feee3d066ddcebe749f105c

SHA256
04c648cb27d4da019dabfc37771c129969edb058eac687c440f0a21304acda54

SHA512
f8c3afaf0f37a0dc9b7dd77c858519bc705b6a5128a993b65d62a13648eb3dc72d09b4011837963f705ebafa85a2ff21e8473acfc363f2f48508497b05a9664c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\3a5e24e0-b938-4308-80f7-3994fbc29d1b

Filesize
671B

MD5
388ffaf8d2af65597fa8ea150b6b3994

SHA1
74a8aea85e4b3901ba43503818bbc58a244a9cec

SHA256
af8434a8c4628d3ae694417575b4295b29f8ab364e210a4136929f2e23045129

SHA512
331883f143f60ab456dfec75e2251b8576ad97aecd6fa38f8c98104cbbad3b427795a94b84c285cbef817953b1a320e0f64fc916b3d63ae08e216af3be93835e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\61d01954-1d60-4ea8-9f2d-92d87a55127e

Filesize
676B

MD5
0cbb0b72b61c96b9c2820f15d2534ce0

SHA1
3e1208c04570fe0c7faad578cdc2a34bea1114f1

SHA256
5be7c92074ce18ac657044334c9a53ee880a23d41b3f6e80a788de132f62b060

SHA512
3f10814d888b03b4bfcfa8d49811961a7e7256ad3548a9f594a5000aef21cd0b87a35943009e78571233e3320a022790ef2c839aefd0d3f8fa2f3c89ecac5c2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\7d000ee3-aa85-4fe5-8a71-b30ea299ac31

Filesize
982B

MD5
9d8196700003ece028dad003c41b7222

SHA1
09f54c89728cee134a66502591a1e5084867f8c4

SHA256
236465ffc2f4a663a46970637400926c03a1da8566eab75ab79ea29e749802af

SHA512
767ea8633ff017aea4f63f7a3e9e998c2a6792e0de9076b1adf9b1116f0686d28e5a12f925e5fcd473fbbc8e55bc4ffaf54e4328f7aed6ffa8f95933b289361c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\d1939a4c-e5a2-4f59-a900-9dea13c32198

Filesize
1KB

MD5
16644a548e756f35d34d73609733a3c1

SHA1
0342f912044321e5fe724387d25d1fc2fe116f38

SHA256
a794a8fb32c9cf7d1b27b874cd448ec871a933d6e2c71da9bf4b297c1df7ca1e

SHA512
198e7e35ae38ece67cbe7910f1bb5a26c1b05e252512ef141d2b37aad72f01bbe58b2f8d13ef23fcdab7e0ec71d83724557f8bdf8263d51d94f92bc574f69f4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\df2c78b5-6d69-48eb-b115-135999d8b0d3

Filesize
982B

MD5
a65a90ec568121fcffaa972c57b48ec5

SHA1
39977921598de75d3d1dd17ac5e9454cdad1232c

SHA256
a56488d6b771ec37529a4d3d3447c7c2f26547715c6252bc9bfffd74d0646ccb

SHA512
4045e3d3589f38095115a6d5964045b8232eb90fc627402e566a584280c184ad05bef0ee76c3e4c5d2f54563489e100f586cf2b91c418bfde9dd06bf9147b4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\extensions.json

Filesize
37KB

MD5
811e90ad4873410ac5979335e536189c

SHA1
314b7694530a2b002b2d95adc51d218cf4032328

SHA256
3f889665e4e030c55636f25eeeb722c8f80056d8de0a762114b083d997049a0a

SHA512
7b3d5793ff1bc91faabf4a02cdc677c6f9d42667c59d41864b27c5f86f91458b1fea3a61ca0dad5e58e2f1fc35196e871b117a575b7f041d4f713497cdbc288d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\favicons.sqlite

Filesize
5.0MB

MD5
f18e1c5b2e31dd8043ef7d022f48050c

SHA1
d2ef8bc7e4eb429a4ab09c91bdccccab470221d8

SHA256
98b8e11d0b0aa486f82ae4b44b4d4fcce25a7c96c4704c9b0e63ffc5eea3b6e6

SHA512
e8fa8d5394c22d1c83722c90feceb2baa8287a41cf3e0da661c135e6a73455ff613a28823dbb555fdd00fc9e5af05b46c839dee2623a10ccab05c067218e3085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\permissions.sqlite

Filesize
96KB

MD5
15cfee97c63f513fa2864e87fc71323d

SHA1
bc721dcfe0f2eecf26ca0ab8e659de432cbe0c97

SHA256
b40c85ccae8eca369304871244638541d10e2778a255a0312ae3d2c4b37f01b6

SHA512
f7e7c95806f98ba9b37f83d17766c6e8bddb560be00b7a8b69e5f13e0765712644b5e292c42b8273fa96d94be482b56770ab334d366bf5e589e9d33b98ecf868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\places.sqlite

Filesize
5.0MB

MD5
f5def6d3e69ab98c158b7a98e69fc573

SHA1
ce25604254ee2b21e72a8296e93ceaa5781ba8f1

SHA256
6ac192f927c32c909b19ba3cbe622ff9665c04178801ca32600a9bdb43a26561

SHA512
72e32a92255d5a5a9c64c62d42cc82fb060a4555f034ca975f7d51800bc983412cd495b61945b75f156a8ef052705612031c4520ed774369460eba528d3e95fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\places.sqlite

Filesize
5.0MB

MD5
ac710b2a80c3cb1418a3aa8f8a96dff6

SHA1
17f5fe531780c250debb42b017c17d865b55f92e

SHA256
9781d2847316425d8a1dca22c044042f9d2dc3a9e75a1bd7538f22321bb4027a

SHA512
402068fd0244f2d6c6734e21f4cdf106ee937b3f41f56d0c2b5bd1ac46f48c898174e702116069f723c8a2a26a41f4e87840ed9f60229e31982607b87155e0c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
13KB

MD5
37c206e42e27ec8e8d9a6d3abe16c7ab

SHA1
1dc520bdd96804be839a1cb035b10aea5ba54147

SHA256
e4067e29b1bd06187345f6ccea796092ca7721ea7b00f238966859aef621f0d8

SHA512
aa55d8884c0565ed74ced0d656f447bdc98bebd854da0fcc5987f8b2505c0b990b7fbf6604a22ac499c9e94dcbb454ece54558b0a085324255da9b604f17bd6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
12KB

MD5
ab2bb33e40a372250a4b3ad8e207f138

SHA1
2076f64550920cee649e2eab259ed303dde125e2

SHA256
7ac991d002dcaa69e64921590a3896018fb82fd1aa0ee75ee2d079d63b173bcf

SHA512
824d0c37e7d995657957c3879b151c3140390a089b1c5efe59d53376ed383556efc14459ad720763082028623e51019c1a452852488ec1fe44bc12bf1e43e367

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
11KB

MD5
bbdfa215f26bc0019971103c1191e037

SHA1
533093cc1d84331f7095d09917dd3790c445d7be

SHA256
9374e14abf91745a86f6bba02bd08f43364592d6432e82c5673554a23fca116c

SHA512
01a03307a6ca666120d34d5d32b762a0562023f5924351f65c644fd770d4c77884a5aa75d233d8f3f6d793b6a6033de087509986b142594dad83cf0fb649db07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
13KB

MD5
6516e90d3af6862a07fd3cb93c84fa48

SHA1
667a71d316f0c6098b69ba7167ffb5deb4fd0b4d

SHA256
44e91bde19b7b3e2b624716e708115c6686bf3ac80467018940ccb87de7b3930

SHA512
88593cf8f197807e17878c852e53b601c56bee6a5e70e5d45dfdbf83285d336db44efb11f8fe7e4b82e5b89a7ca6c97954794d63dd51ee58eb2e967bef1ea351

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
13KB

MD5
fa4ff47a2352a8c7eae1e27b32a42133

SHA1
584915547ffa22ecc9693cbf31da9395d07a9939

SHA256
d9ed46137ebf242a9a376e75dfa93b114e43504b34d5d72d960f6fd9c730418b

SHA512
beb5e5fdfabce4fe0ebb411a68471114dc25719156fce1e0655428dfa396686eff54eb891371a577c9647c590a8145e74463f77e5ef3be42ecca9b65dca6c39d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
8KB

MD5
6ad2ddc76cc6b153bc072845f303b8d3

SHA1
16d528bdc56360336c57244269e628d56e014995

SHA256
c401c7c8b2c21600024d832bcae28a3f86bf4090443adf085e29db6f38db02c6

SHA512
19d8ab08c1f0e9db88e8b5f8998c8ba2e144660f44ecb2af0a54b0da119ead9a76e262d2e9c24b04483942567aaf58fd736bac1ddce153c51ebd0e03cd2a4f33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
13KB

MD5
e96f8da9f8d6212ba65c51ffa5792e75

SHA1
e7ad89c43adbb8f05683c1babe4d456cd53c1f75

SHA256
ac824849dad0a870ce48ac71530bc988412ca5dd95fe7f26f3209cc83fa364f6

SHA512
9e6380508f1c4054e7b339c8cbc5622f94ec159118c8e69054432a2d12a8c5404d3eba1be05957a66cc2113f9e143118e519af8145f7c220d2cdccf86fc8df19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionCheckpoints.json

Filesize
228B

MD5
66bdbb6de2094027600e5df8fbbf28f4

SHA1
ce033f719ebce89ac8e5c6f0c9fed58c52eca985

SHA256
df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc

SHA512
18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
8d11cedd9adaf115a21161e256b7f6d4

SHA1
703072978dd07e3cf6df613280cb4e03772f256c

SHA256
4fbe4544325d203752b01adf26c8bd7db621af64794a9ac2ea2491af5c65df4e

SHA512
27fd47017bf5a754b97cdad80bd9da04931548c030b6f48cab8ba4b5f9b95c49a2c5e22293ff96aea6559677bea7a90950f9706980a717a0d72d066f9dba6a42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
7e9c5173915c98a71337aae1844376cf

SHA1
00611a64254ada95d0de28fdc71546d3f13366e4

SHA256
a5ca21930b74149aab832e950db31f61d5cd6546ab1fcecf4a262fafa599cd62

SHA512
2203d649967da9d12b8fd47be53615e9a5894be2ed68cc67c16d350741b34f4db215503842d993aa49533c59b9fce30bcbb474e5ab791941c37f95c84e53d2bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
c4f1481dfe61152f64fd6ecbb9d340c9

SHA1
73cd8e06a13ed9e25b7bb9fa1c2e61a6e17208d6

SHA256
bd72200320552db7a5b11fc7fd96b4dd8d9461cd2e4c24795b135fbac4f12531

SHA512
b1d1e346f02374bd261c1358b8af4bfc337e1f27ae0f2de1d7496948e7c66899ee6b557c4c79bc567865d687e25b905d203a3560eec3ea8f684287a2a8859774

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
4196805ad3144376a263ec27bc134f49

SHA1
c03e8de17aeef022fa65008386bdfaf204466f90

SHA256
0d77e93f31d2bd6d48bc2356d845a2d3e0fb31a815555ceda22b6ce23bf78ec4

SHA512
e4b2f758f2aee732aa8a531e61c9f585dd5f2215c9d8cf10cd753af0b3c7a6c8aca9b6635d5f9a9c4ed0e3be5ed3df4463af37c320580e9c6a21cac1326b072c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
d0b2fb6560dda26080c579e2c73ac34b

SHA1
0f07b695d0b390236b614780c6c9dc177b556b15

SHA256
1483249c0627012009725874a8840a7ebee609ce59b6bb82e035992c4d3e15de

SHA512
8fe8f6d40ac6bd6892bc1205ada36b3f0fc4506b38217c231b86027e349da506d0e8f36c7cb5edbd42353a4cd8c58dba16707d85ce442b8e53486828898a47f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
e2e6f45ec84ec9ded15be4d1f02dce36

SHA1
a73c86d3ed23a09e638806fe68aed79a864a6554

SHA256
c2fccb07d73a1ca96b41d3a1bebb890e6b4112f221234c0a8e4348495f461cbe

SHA512
64038f87858ec69bccda5cd64eddade3c062368f2462caf34e5316980f894f474a8f4200b4ea4317c4d9bc32845403dbb1cc3f5ce9ecd95cc4d80af656a74150

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
efc7cb2f5860b92eeb68ef602a5512ae

SHA1
36ac12796481ea5bcb1589bf2e5b23f086fb1632

SHA256
7a96adc378719736f860df87078cb30942973a669a1db3bb20ccbf1ea12092e1

SHA512
da23b627f1737451e2a87196b8d12d90b3fc0841bbb05a67930ba1f4b4bbab84236938de4ade5dd956af766464ffdd29f84531549fd1fa2dca057cf8386a6c1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
bf8079c7bb340a2467fa9869e7e000a1

SHA1
167fe272c333ace6639a6eb561d07fb7051b3036

SHA256
57911c9e0e9f303da0cfa8fd23ad0bf95d5e3f49993ca4c5e0c1492c72844472

SHA512
e04e03dde8cb8a160c87d8886f33f5ff9794f3033faee824fd5bbb531432d1f756925c6181e0b12b4bd1dd073b692c73a96fab33712d4e81d7e7001994894366

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
e1cac93b3432b40051255258bfd87f70

SHA1
f7493404c141bb9c51d6479693ab5f2f74989075

SHA256
eff12f1ea75c1b169995626da586d629770b42622f44f5ad0aefa44a8ea7831b

SHA512
d90f29223d357d506a411c89621b3e1606ffc3bd2c133b4c6e1639b32c7c8e1537f7d5fd179636b08dd644635c13be0252401b658f958089e1fe3c7f22f81fae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
633ed1d3f0d8ef95d42da51db2d6681c

SHA1
d3f0d90b12765d8be3eef6c58a443eb746e37df0

SHA256
327c249836498427eb217ec387f6b38a233c31a0218adfac0c946c05dffdae7b

SHA512
f6b3d88680fd4f5807a00b106aac9e2b6bea304273ce3931f700ab9108628d9be5cefad57f0c85c305cb5a16aa49846913f9354b4fef885a696e73630ba06741

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
5efb01ff88cc235e2895c9a206555a66

SHA1
46adcfcb761f3136f64c966fdacb3aa660229b74

SHA256
956e96989726682ac46f3b0cfde795b698025c5cca0396224e8342a06ddf7c04

SHA512
5d0e42e3aea5a6cc90e1e1a9633e0d580a4582aa4330f7f1c1f64f87dbc07fb38d9cd7060f33bf87e5fa4975153543df0ccd8436d3e3937dd5f6c764aea44ea5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage.sqlite

Filesize
4KB

MD5
8f1a7eb7163d79a91615ef4f58ce99d5

SHA1
8e1bab699d9063b7f6f4caf8336b438e02052bfc

SHA256
3941d734d6bd21903897f77ed17376bf5d12e7df8fa048c894cc5d946b8dda4a

SHA512
ac04ad0125aacb818c539a8073b166e0bc0504f498cd4310c844f89bbba3a3c617617cbc23867df1a7b847f25c345df1054dbd646754e8a82423d88a7558540b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
ae769333e56270e4561e6fcb95d30d28

SHA1
20d7973328f89180bc7d024db25e2c38a811088d

SHA256
71c2442f430e35f883648cfe2a27293e9f4a99c2699fa6805b41cc1ad89d01ad

SHA512
5151a240103b7b04faf3a792c5be1061b58c895f7073fe6e367a29385414305d05343cfdc7607c5aa5d91cf8f0ca108a8202257848506b413416474d8064b065

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
1959a9b3827b7dc41947e80483b51ca7

SHA1
ef11374a7d6ccf3855fc7eca558e7c3671961acf

SHA256
885a2957334d532a6838476f380992ee7108560e22b87d8ea6bf39489f74cdd7

SHA512
cd2b73196f7b63a0a8993281a354e4c504f452b9e540de0d23a9a9a724c7d2640a3e2e89e00c7e4f3e371edb64860cb307def7d1baca1a48103c4c8734946e30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
c06f416cc49341e627847703a4946dcf

SHA1
bbd4441a0bf2d63655fb37ab2a0d1b16f84c494a

SHA256
11542ac4beacb2a89280a94bad1a58289a3684d6342e8fc3855e51159b69b838

SHA512
d5deb3754d95aaf3ee986f2747c331b1ffc05abdee46e9b571642426c28d03f8ee9ae77e89acc1f8bf8194db6f83a2f80a2bcca06ad9cab0c88977e84bf1813c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\xulstore.json

Filesize
499B

MD5
de9826d2ae8880d007569c854ae83f57

SHA1
0173e40850073852cfc83510489864f917ffb726

SHA256
da247985d4bd632f56a53a8ed62683c13f1f0ea12d572c4aae1cd7b42c2e446c

SHA512
2e5bfbd4fdbb35de9ff83bd5edc3197a40787ae9d6499791ffc42a7c1324afb68924440110bf1efbbd50e7aefd3a2c540488434ef4f2daaf05e2c10688950b68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\xulstore.json

Filesize
342B

MD5
73c59ebb38a009652fcd2e1582bd82c2

SHA1
7c34093eab0c4dc05c75a23db8dd5a5b7ac08d08

SHA256
fce696c64b569fecfa52ecf758b6419db3944cc7ad8c98e0f5996d785689df07

SHA512
2ca6c971e6ecb12c0a413010526b6fe96a8003bf84cb3d43e0a2651f0b924fcb3dbddea3e12636bca454ee10582f7d8e1f6360270a2f295a845492d464c2f291

Download Submit
C:\Users\Admin\Downloads\7z2407-x64.Q-N8WezT.exe.part

Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
C:\Users\Admin\Downloads\p-5vn_V_.7z.part

Filesize
18KB

MD5
d2cb69e5d03e5870167a06d93329abd7

SHA1
2a424c8a83089cba8df5122656756409463b0a1b

SHA256
0ccce65290f211bd6c32d4b62267149387be9061a66aaf895e605f44c11501d3

SHA512
089e92ec5d9249fd856f1380c0578cebed9a7d1b78bc371674ad101ff7e8844322a6453b495fd4a7d403451ede7da65bbd734484c4dfcdeb9c01fd5103889e56

Download Submit
memory/2740-2060-0x0000000000730000-0x0000000000742000-memory.dmp

Filesize
72KB

Download
memory/2740-2061-0x00000000050C0000-0x0000000005126000-memory.dmp

Filesize
408KB

Download
memory/2740-2062-0x00000000055A0000-0x000000000563C000-memory.dmp

Filesize
624KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response